Hi nanog community
I need help !!
What is the best syslog server (opensource)?
Thanks for your help
Regards.
--
Max Velazquez |
On Mon, 06 Jun 2016 14:59:51 -0600, Maximino Velazquez said:
What is the best syslog server (opensource)?
Step 0: Define what "best" means in your environment.
What features do you need? Routing to a central aggregation server over TLS? Powerful regex-based routing? Ingestion into a database (a la splunk or Elk) for data mining? Ability to deal with insanely high message rates? Other must-have or don't-care features? License pricing? Vendor support?
Step 1: After figuring out what you need, make a matrix of the available options and how well they fit.
(We have in production syslog-ng, rsyslog, splunk, Elk, and probably a few others I've forgotten, for different purposes....)
+1 for ELKK (with kafka)
Doing several hundred GB of log per day with a dozen instances on AWS (ES cluster + logstash hosts + kafka cluster)
-Grant
On Mon, Jun 6, 2016 at 11:25 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Mon, 06 Jun 2016 14:59:51 -0600, Maximino Velazquez said:
What is the best syslog server (opensource)?
Step 0: Define what "best" means in your environment.
What features do you need? Routing to a central aggregation server over TLS? Powerful regex-based routing? Ingestion into a database (a la splunk or Elk) for data mining? Ability to deal with insanely high message rates? Other must-have or don't-care features? License pricing? Vendor support?
Step 1: After figuring out what you need, make a matrix of the available options and how well they fit.
(We have in production syslog-ng, rsyslog, splunk, Elk, and probably a few others I've forgotten, for different purposes....)
Journald is excellent. The binary storage format is a huge leap forward.
Andrew
On Tuesday, June 7, 2016, Grant Ridder <shortdudey123@gmail.com> wrote:
+1 for ELKK (with kafka)
Doing several hundred GB of log per day with a dozen instances on AWS (ES cluster + logstash hosts + kafka cluster)
-Grant
On Mon, Jun 6, 2016 at 11:25 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Mon, 06 Jun 2016 14:59:51 -0600, Maximino Velazquez said:
What is the best syslog server (opensource)?
Step 0: Define what "best" means in your environment.
What features do you need? Routing to a central aggregation server over TLS? Powerful regex-based routing? Ingestion into a database (a la splunk or Elk) for data mining? Ability to deal with insanely high message rates? Other must-have or don't-care features? License pricing? Vendor support?
Step 1: After figuring out what you need, make a matrix of the available options and how well they fit.
(We have in production syslog-ng, rsyslog, splunk, Elk, and probably a few others I've forgotten, for different purposes....)
https://www.graylog.org/
On 6/6/16, 4:59 PM, "NANOG on behalf of Maximino Velazquez" <nanog-bounces@nanog.org on behalf of mvm@transtelco.net> wrote:
Hi nanog community
I need help !!
What is the best syslog server (opensource)?
Thanks for your help
Regards.
--
Max Velazquez |
+1 on Graylog
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of David Hubbard
Sent: Tuesday, June 07, 2016 2:02 AM
To: Maximino Velazquez <mvm@transtelco.net>; nanog@nanog.org
Subject: Re: syslog server
https://www.graylog.org/
On 6/6/16, 4:59 PM, "NANOG on behalf of Maximino Velazquez" <nanog-bounces@nanog.org on behalf of mvm@transtelco.net> wrote:
Hi nanog community
I need help !!
What is the best syslog server (opensource)?
Thanks for your help
Regards.
--
Max Velazquez |
Well, I'll say an ELK stack, but seeing the original question... I got to ponder on the capacity of the OP.
-----
Alain Hebert ahebert@pubnix.net
PubNIX Inc.
50 boul. St-Charles P.O. Box 26770
Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 06/07/16 07:26, STARNES, CURTIS wrote:
+1 on Graylog
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of David Hubbard
Sent: Tuesday, June 07, 2016 2:02 AM
To: Maximino Velazquez <mvm@transtelco.net>; nanog@nanog.org
Subject: Re: syslog server
On 6/6/16, 4:59 PM, "NANOG on behalf of Maximino Velazquez" <nanog-bounces@nanog.org on behalf of mvm@transtelco.net> wrote:
Hi nanog community
I need help !!
What is the best syslog server (opensource)?
Thanks for your help
Regards.
--
Max Velazquez |
I’m a big fan of Graylog.
-Pete
On 6/6/16, 13:59, "NANOG on behalf of Maximino Velazquez" <nanog-bounces@nanog.org on behalf of mvm@transtelco.net> wrote:
Hi nanog community
I need help !!
What is the best syslog server (opensource)?
Thanks for your help
Regards.
--
Max Velazquez |
There is no "best" when it comes to something like Syslog. There is only "best fit for your requirements". In order to determine that, you'll have to figure out what your goals and requirements are.
If you're just trying to do something basic and simple, like get logs from one machine to another, you should probably use what is available and supported by your vendor/distribution. For Debian/Ubuntu, you have Syslog-NG and RSyslog available. For Red Hat/CentOS, you have RSyslog as the default, and Syslog-NG available in EPEL. For other Operating Systems, you'll have to talk to your vendor or do some additional research.
If you want to do more than basic log shipping, then you've got some research to do. You need to map out the problem you're trying to solve, and decide on the requirements to accomplish it.
Basic syslog is pretty easy. Enterprise log management is a lot more complicated. You start throwing in log aggregation, retention requirements, reliability requirements, encryption, log search, monitoring and alerting, etc., and you've got yourself a project.
There are multiple excellent Open Source solutions, but without knowing what you're trying to accomplish, it's difficult to recommend anything.
--
Christopher P. Cashell
EIT Platform Engineering
E-Mail: cpcashell@west.com
Infrastructure Monitoring, Management, and Automation Division
EIT ~ Converging People and Technologies
West Corporation
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Maximino Velazquez
Sent: Monday, June 6, 2016 4:00 PM
To: nanog@nanog.org
Subject: syslog server
Hi nanog community
I need help !!
What is the best syslog server (opensource)?
Thanks for your help
Regards.
--
Max Velazquez |
Maximino Velazquez <mvm@transtelco.net> wrote:
I need help !!
What is the best syslog server (opensource)?
Graylog and Logstash are for having a convenient index of log messages, but they're not particularly robust. I've not seen syslog-ng crash, so I use it for collecting (and shipping) log data. Logstash is convenient, pretty, and utterly unreliable. You end up needing both.
---
Lars Lehtonen
participants (10)
- Alain Hebert
- Andrew Kirch
- Cashell, Christopher P.
- David Hubbard
- Grant Ridder
- Lars Lehtonen
- Maximino Velazquez
- Peter Loron
- STARNES, CURTIS
- Valdis.Kletnieks@vt.edu