rsyslog host

amit at amitnepal.com
Fri Dec 14 07:08:39 MST 2018


Are you sure syslog-ng is not updated in years? The latest release is 3.19.1, released 23 hours ago. I wonder if I am mistaken.
On Fri, Dec 14, 2018 at 6:42 AM -0700, "Snyder, Alexander J" <alex at misteralexander.com> wrote:

We're currently using syslog-ng and are moving away from it as the project hasn't been updated in years (obscurity is not security). We're collecting with rsyslog and sending to Splunk for search and visualization.
Right now we're only testing with rsyslog and only have it configured on a single host. We're building out a new DC and are going to set up rsyslog as primary.
I'm going to ask our ITSEC about the data points we're collecting and I'll let the group know what I find.

Thanks,
Alexander.

Sent from my Samsung Galaxy S8+
On Dec 12, 2018 20:56, "Amit Nepal" <amit at amitnepal.com> wrote:

I suggest looking into syslog-ng for a centralized log server. Clients can use rsyslog for Unix and nxlog for Windows. Syslog-ng is scalable, high speed and provides a lot of features for parsing, alerting, correlating etc. You can use syslog-ng for central log collection, send it to Elasticsearch, analyze with Kibana and visualize with Grafana. I have been using all this on a VM with 4G of RAM and 2 cores of vCPU and it seems to be working okay. 15 servers including web and mail servers are sending logs to the log server. Additionally, I am also using Wazuh for alerting and sending data to Elasticsearch as well. I believe the resource requirement will depend on the EPS rather than the number of hosts.

Thank you!

Amit K Nepal
(OSCP, CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)


On 12/12/2018 2:09 PM, Snyder, Alexander J wrote:

Looking for suggestions on what kind of physical resources would be suggested for building a central logging server for an enterprise company.

rsyslog is new for the company, so we're looking to "do it right" from the ground up.

How many hosts should be needed to log networking and storage appliances?

Advice on memory, CPU, and disk is requested. Will be running CentOS 7.

Thanks,
Alexander.

Sent from my Samsung Galaxy S8+

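The sizing advice in this thread turns on events per second rather than host count. As an added example (not code from any post in this thread), the following Python script estimates average and peak EPS, distinct hosts and raw bytes per event from a sample of RFC 3164 syslog lines, and projects the uncompressed disk needed for a retention window; the sample lines, hostnames and addresses are constructed, and the year is an assumption because RFC 3164 timestamps carry none.

```python
import re
from collections import Counter
from datetime import datetime

# RFC 3164 header: optional <PRI>, then "Mon DD HH:MM:SS host ..." (no year in the stamp).
_HDR = re.compile(r"^(?:<\d{1,3}>)?([A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ")

# Constructed sample; hostnames, addresses and PIDs are invented, not real data.
SAMPLE_LOGS = """\
<34>Dec 12 14:09:01 web01 sshd[1022]: Accepted publickey for deploy from 10.0.0.5 port 51234
<38>Dec 12 14:09:01 web01 sudo: deploy : COMMAND=/bin/systemctl restart nginx
<30>Dec 12 14:09:01 mail01 postfix/smtpd[2211]: connect from unknown[203.0.113.7]
<86>Dec 12 14:09:02 web02 sshd[1031]: Failed password for invalid user admin from 198.51.100.9
<86>Dec 12 14:09:02 web02 sshd[1031]: Failed password for invalid user admin from 198.51.100.9
this line has no syslog header and is counted as unparsed
<30>Dec 12 14:09:03 mail01 postfix/smtpd[2211]: disconnect from unknown[203.0.113.7]
""".splitlines()

def parse_header(line, year=2018):
    """Return (timestamp, host) for one syslog line, or None if the header is missing or invalid."""
    m = _HDR.match(line)
    if not m:
        return None
    try:  # the caller supplies the year the sample was captured in (assumed, not in the stamp)
        return datetime.strptime(f"{year} {' '.join(m.group(1).split())}", "%Y %b %d %H:%M:%S"), m.group(2)
    except ValueError:
        return None

def eps_profile(lines, year=2018):
    """Average/peak EPS over the sampled window, distinct hosts, bytes per event, unparsed lines."""
    per_second, hosts, unparsed, total_bytes = Counter(), set(), 0, 0
    for line in lines:
        parsed = parse_header(line, year)
        if parsed is None:
            unparsed += 1
            continue
        ts, host = parsed
        per_second[ts] += 1
        hosts.add(host)
        total_bytes += len(line.encode()) + 1  # +1 for the newline as stored on disk
    events = sum(per_second.values())
    if not events:  # nothing parseable: report zeros rather than failing on max() of an empty set
        return {"avg_eps": 0.0, "peak_eps": 0, "hosts": 0, "unparsed": unparsed, "bytes_per_event": 0.0}
    span_s = int((max(per_second) - min(per_second)).total_seconds()) + 1
    return {"avg_eps": events / span_s, "peak_eps": max(per_second.values()), "hosts": len(hosts),
            "unparsed": unparsed, "bytes_per_event": total_bytes / events}

def storage_gib(eps, bytes_per_event, retention_days=30):
    """Raw, uncompressed disk needed to keep `retention_days` of logs at a sustained EPS."""
    return eps * bytes_per_event * 86400 * retention_days / 2**30
```

Feed it a capture from a busy client to replace the constructed numbers; the storage figure is raw bytes, before any compression or index overhead the chosen store adds.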
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss