The Logging Project (TLP) was born out of a need for secure, centralized, fault-tolerant, real-time logging. The task of monitoring several hosts can be tedious and frustrating when logs are not stored centrally. Syslog replacements do not suffice, because system logs are only part of the package. Web server, IDS and other application-specific logs are of equal interest to the administrator. These replacements seem like overkill because they often reinvent the wheel and complicate the issue of simply logging messages. TLP deals solely with the problem of gathering logs in a central place securely. It attempts to deliver messages at all costs and will withstand network outages and host failures (within reason).
TLP is a modularized and much improved rewrite of salt. Each separate role salt performed was identified and implemented as a stand-alone program. The collection of these tools provides a much more robust and flexible architecture, allowing for message selection, mutation, and compression.
Supported Features:
* TLSv1 between client and server (OpenSSL)
* Monitor any text file in real time
* Centralized logging to regular files (demux)
* Centralized logging to syslog (syslate/stale/streamlog)
* Firewall-friendly
* Message queuing when tunnel is offline (sptc)
* Limited queue growth (sptc)
* Fault-tolerant flushing of queue when tunnel connection is resumed (sptc)
* Client authentication of server certificate (sptc)
* Stateful monitoring of log files (stale)
* Handles log rotation/truncation/removal gracefully (stale)
* Tunnel data compression (bzip/gzip)
* Message mutation/selection (grep/perl/awk)
* Runs on several UNIX variants
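
The two stale items above (stateful monitoring, and graceful handling of rotation, truncation and removal) can be illustrated with the following added example, which is not TLP code and does not reflect how stale is implemented. The class name StatefulTail, the JSON state file and the inode/offset scheme are assumptions made for the illustration.

```python
import json
import os


class StatefulTail:
    """Follow a text file across restarts, rotation, truncation and removal."""
    # Assumption: JSON state file and inode/offset tracking are illustrative only.

    def __init__(self, log_path, state_path):
        self.log_path = log_path
        self.state_path = state_path
        self.inode, self.offset = self._load_state()

    def _load_state(self):
        try:
            with open(self.state_path) as fh:
                state = json.load(fh)
            return state["inode"], state["offset"]
        except (OSError, ValueError, KeyError):
            return None, 0          # no usable state: start from the beginning

    def _save_state(self):
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump({"inode": self.inode, "offset": self.offset}, fh)
        os.replace(tmp, self.state_path)   # atomic: never leaves a half-written state

    def poll(self):
        """Return the complete lines appended since the last poll."""
        try:
            fh = open(self.log_path, "rb")
        except FileNotFoundError:
            self.inode, self.offset = None, 0   # removed: whatever appears next is new
            self._save_state()
            return []
        with fh:
            st = os.fstat(fh.fileno())
            if st.st_ino != self.inode:         # rotated or re-created
                self.inode, self.offset = st.st_ino, 0
            elif st.st_size < self.offset:      # truncated in place
                self.offset = 0
            fh.seek(self.offset)
            data = fh.read()
        # Hold back a trailing partial line until its newline arrives.
        end = data.rfind(b"\n") + 1
        self.offset += end
        self._save_state()
        return [ln.decode("utf-8", "replace") for ln in data[:end].splitlines()]
```

Rotation and truncation are only detected at the next poll, so lines written to the old file after the last poll are not read, and a file truncated and refilled past the saved offset between two polls is not noticed. Polling frequently narrows both windows.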