Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm trying to figure out the best way to setup a central place to store and interrogate server logs, using CentOS 5.x. syslog, Apache, MySQL etc all in one place.
I've found a few different options but I'm not sure what's best. I'm looking for something that is easy to install and keep updated on many virtual machines. I can add it to a VM template going forward but I'd also like it to be light, easy to install so I can keep the VM complexity down.
The options I've found so far are:
syslogd
syslog-ng
rsyslog
syslogd/syslog-ng/rsyslog to logstash/ElasticSearch
logstash agent in each log "client" to send to Redis/logstash/ElasticSearch
And all sorts of permutations of the above.
What's the most resilient and light from the log "client" perspective?
I'd like to avoid the situation where log "clients" hang because they are unable to send their logs to the logging server. Also I would still like to keep local logging and the rotation/retention provided by logrotate in place.
Any ideas/suggestions or reasons for or against any of the above?
Or suggestions of a different structure entirely?
Yeah, I looked at rsyslog but was concerned about the age of the version in the repos.
I just checked on the version in the CentOS repos, it's 3.22.1-7.el5 which appears to be from 07-2009. I thought it might be older considering the latest stable version seems to be v7.2
I don't really want to be compiling stuff from source on loads of VMs. A yum install I could deal with though.
Having said that, if v3.22 does the job and is included in the CentOS base repo, then that might be the way to go. It wouldn't be included in the CentOS base repo if it didn't work pretty damn well.
Is there nothing of use built-in to CentOS's shipped syslogd or sysklogd or whatever it is (confused)?
If rsyslog is the modern equivalent and recommended way then I'll look into it, sending straight to logstash running on another server.
That's brilliant. I wanted to avoid compiling anything from source on the VM template, installing another repo to get the latest rsyslog package is a good solution.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
CentOS centralised logging, syslogd, rsyslog, syslog-ng, logstash sender?
