[syslog-ng] Distributed syslog architecture

Tom Le dottom at gmail.com
Wed May 30 17:27:21 CEST 2007


| Tom Le wrote:
| > There are commercial tools you can consider as well but cost is very
| > high for this type of distributed architecture (several hundred
| > thousand dollars USD)
|
| Bazsi wrote:
| Can you elaborate on these tools? I would be interested even in private,
| if you think it is too off-topic here.

Yes, both Splunk and LogLogic provide distributed and high-volume/high-performance
index, archive, and search capabilities.  Splunk even has
distributed search, redundancy, and distributed routing logic you can apply
to syslog messages.  You can try out Splunk for free, with a 500 MB log size per
day limit and some enterprise features disabled.

Like I said, these deployments can be expensive vs. what you can do with
syslog-ng and some home-grown integration.  The question really is: what
exactly do you need?  Do you need the ability to query free-form text with
various compliance reports and alerts available out-of-the-box?  Do you need
to configure alerts based on specific events or content within the log
messages (this then starts to become an event monitoring discussion)?  Do you
need specialized reports for specific device types like firewall logs,
router logs, Windows logs, etc.?

Or is centralized collection of logs by itself sufficient (in which case
syslog-ng is all you need)?  In some large environments, grepping and
processing GBs or TBs of data is not the answer, so you need the high-end
commercial tools.
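As an added illustration of the "centralized collection with syslog-ng" case discussed in the message above (this is example configuration written for this page, not configuration posted by Tom Le or shipped with syslog-ng), here is a three-tier layout: every host forwards to a site relay, relays forward to one central collector, and the collector writes one file per original host and day. The host names relay.example.com and central.example.com, the port 514, the path /var/log/remote and the max-connections values are assumptions chosen for the example; the drivers and options used (tcp(), file(), keep_hostname, chain_hostnames, create_dirs, the $HOST/$YEAR/$MONTH/$DAY macros) are the classic syslog-ng 2.x/3.x syntax, which later 3.x releases still accept (network() is the newer equivalent of tcp()).

```conf
# ---------------------------------------------------------------
# Tier 1: every host (client)   --   /etc/syslog-ng/syslog-ng.conf
# Example configuration written for this page; host names are assumed.
# ---------------------------------------------------------------
options {
    use_dns(no);           # never block the logging path on DNS
    keep_hostname(yes);    # trust the host name we stamp locally
    chain_hostnames(no);   # do not append relay names to the host field
};

source s_local {
    internal();                  # syslog-ng's own messages (drops, restarts)
    unix-stream("/dev/log");     # local /dev/log socket (use unix-dgram on BSD)
};

# TCP rather than UDP: no silent loss under load, and the relay can apply
# back-pressure instead of dropping messages.
destination d_relay { tcp("relay.example.com" port(514)); };

log { source(s_local); destination(d_relay); };

# ---------------------------------------------------------------
# Tier 2: site relay             --   /etc/syslog-ng/syslog-ng.conf
# ---------------------------------------------------------------
options {
    use_dns(no);
    keep_hostname(yes);    # preserve the originating host, not the relay
    chain_hostnames(no);
};

# Listen on the site network; bound the number of client connections so
# a flood from one segment cannot exhaust the relay's descriptors.
source s_site { tcp(ip(0.0.0.0) port(514) max-connections(200)); };

destination d_central { tcp("central.example.com" port(514)); };

log { source(s_site); destination(d_central); };

# ---------------------------------------------------------------
# Tier 3: central collector      --   /etc/syslog-ng/syslog-ng.conf
# ---------------------------------------------------------------
options {
    use_dns(no);
    keep_hostname(yes);    # $HOST below is the original sender's name
    chain_hostnames(no);
};

source s_relays { tcp(ip(0.0.0.0) port(514) max-connections(50)); };

# One file per original host and day; directories are created on demand
# with restrictive permissions so collected logs are readable only by root
# and the log-reading group. grep/awk over these files is the
# "home-grown integration" the message refers to.
destination d_archive {
    file("/var/log/remote/$HOST/$YEAR$MONTH$DAY.log"
         create_dirs(yes)
         owner(root) group(root) perm(0640) dir_perm(0750));
};

log { source(s_relays); destination(d_archive); };
```

Two caveats a practitioner would want: plain tcp() carries messages in the clear and accepts any sender that can reach port 514, so on untrusted networks restrict the listeners with host firewalling and, on syslog-ng releases that support it, wrap the relay-to-collector hop in the tls() option of the TCP driver; and keep_hostname(yes) means the collector files messages under whatever host name the sender claimed, so the $HOST directory is an attribution hint, not an authenticated identity.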