[ Thanks to Falko
Timme for this link. ]
“Gathering log messages is important. In a lot of
situations you’ll want to store all entries of logfiles on another
server. If a server crashes or gets hacked you want to be able to
browse through logfiles from this machine and you want to be sure
these log files are not altered in any way. This can be
accomplished using a central logserver that receives messages from
all other hosts. A syslog facility can receive messages from UNIX
and Linux hosts but also network devices and certainly Windows
hosts. Such a syslog host should make these logfiles available to
auditors and sysops using a read-only interface or they should not
be available to anyone until an incident occurs.“Technically the difference is in how you store the
messages:
– in plain text on a filesystem
– in an sql database with a web-interface“This howto describes rsyslog putting log messages in one file
per day per remote host. Rsyslog is the current standard in RHEL6
and available as a package in the current package streams in RHEL
5.5 (and CentOS 5.5). Setting up rsyslog is pretty simple. It all
comes down to a single config file but (there is always a but)
every setting needs some planning.”