by js2 5734 days ago
Turns out I am a sysadmin as well, and I'm asserting that each has various strengths. I have used syslog-ng as long ago as 2001, so I have some experience with it. Today I would recommend rsyslog. It is the default logger in Ubuntu 10.04 LTS and Fedora is also transitioning to it:

http://fedoraproject.org/wiki/Releases/FeatureRsyslog

Further, I think that RELP and on-demand disk spooling of messages are compelling features. Its performance and reliability are good enough to feed your web-server access logs through.

I wouldn't overlook rsyslog, but I'm also not saying "just use it" because syslog-ng is certainly worth evaluating as well.

Edit: see also http://www.linuxjournal.com/content/centralized-logging-web-...

1 comments

This more in-depth discussion has more value. Thank you.

> I think that RELP and on-demand disk spooling of messages are compelling features

I think we're coming at the question from different perspectives. One of my primary goals is to avoid wasting my time. Since I've already evaluated and experimentally proven syslog-ng, switching means a large time investment.

As such, features like RELP and, arguably, misfeatures[1] like disk spooling fail to compel such an investment.

Once rsyslog has matured, something that I expect will be accelerated by its inclusion in major distros, it may be a no-brainer.

For my "money," there are far more interesting and productive problems to work on than logging, which is why I do give the "just use it" advice.

> Turns out I am a sysadmin as well

By choice or necessity? Just curiosity on my part.

[1] I have yet to encounter an environment of non-trivial size where the risk of losing logging outweighs the risk of disk filling up and/or performance degradation from additional contentious I/O. For me, it's a killer feature of centralized logging: elimination of a particular source of failure/degradation.