Re: Need to implemet Syslog server

[Jon Agland <jon () sftwales com>]

Syslog on Unix/Linux doesn't seem to use that much CPU/Memory it seems however 
to be a big user of Hard Disk space, only Today we had a site that we had 
been logging port 135 traffic from their Router to a very aging SPARC 4 and 
it had managed to write nearly 4GB of data in 2 days, it did however not 
affect any of the other services running on the machine (Exim + Bind)

Alternatively we have a SunFire v100 with 512MB of RAM, receiving syslogs from 
37 routers and this manages fine along with running a webserver and MRTG for 
the same 37 Routers (about 6 interfaces on each, plus temperature probing a 
batch of routers every minute).

Therefore, I would think that you just need a machine with Linux (whatever 
flavour!) 500MHZ+, 256MB of RAM, but make you have lots of discs space (how 
much depends how many long you want to keep data for and how much each 
machine is creating).  Also I would consider RAID (IDE Raid would do) if you 
are paranoid or its absolutely mission crucial.   You would want to implement 
log rotation so the logs don't get so big that you fill the disc on the 
server.  Consider putting /var/log onto a seperate partition so you don't 
affect the Operating System in the event that you do fill the drive.

All you will need to do to syslog so that the messages are not in the same 
file as the Unix/Linux machine messages is add an entry in /etc/syslog.conf..

local7.debug                                    /var/log/filename.log

Cheers

Jon.

On Thursday 11 November 2004 10:43, Juan B wrote:
> Hi,
>
> On my network I need to implement a Syslog server
> which will need to log from many servers as windows
> 2000 domain controllers, Ids systems maybe cisco
> routers and 'etc.
>
> I know that there are some expensive products ans
> netiq and tivoi but I need something cheep cause I
> dont have budget ....
>
>
> Also, assuming I have many servers ( 15-20 servers to
> take logs from) what are the Syslog hardware server
> requirments? more CPU? memory ?
> which is the best open source software to use? I
> prefer to work with Red hat.
>
> thanks,
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Check out the new Yahoo! Front Page.
> www.yahoo.com