[189833] in North American Network Operators' Group


Re: syslog server

daemon@ATHENA.MIT.EDU (Grant Ridder)
Tue Jun 7 20:30:27 2016

X-Original-To: nanog@nanog.org
In-Reply-To: <90451.1465280712@turing-police.cc.vt.edu>
From: Grant Ridder <shortdudey123@gmail.com>
Date: Tue, 7 Jun 2016 17:28:09 -0700
To: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

+1 for ELKK (with kafka)
Doing several hundred GB of log per day with a dozen instances on AWS (ES
cluster + logstash hosts + kafka cluster)

-Grant

On Mon, Jun 6, 2016 at 11:25 PM, <Valdis.Kletnieks@vt.edu> wrote:

> On Mon, 06 Jun 2016 14:59:51 -0600, Maximino Velazquez said:
> > What is the best syslog server  (opensource)?
>
> Step 0:  Define what "best" means in your environment.
>
> What features do you need?  Routing to a central aggregation server over TLS?
> Powerful regex-based routing?  Ingestion into a database (a la splunk or Elk)
> for data mining?  Ability to deal with insanely high message rates? Other
> must-have or don't-care features?  License pricing? Vendor support?
>
> Step 1:  After figuring out what you need, make a matrix of the available
> options and how well they fit.
>
> (We have in production syslog-ng, rsyslog, splunk, Elk, and probably a few
> others I've forgotten, for different purposes....)
>
>
