<div dir="ltr"><div dir="ltr"><a href="https://github.com/balabit/syslog-ng">https://github.com/balabit/syslog-ng</a><br></div><div dir="ltr"><br></div><div>though I've also switched to rsyslog. there have been too many fiddly bits when using the advanced functions of syslog-ng for me to trust it.</div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Dec 14, 2018 at 8:54 AM Snyder, Alexander J <<a href="mailto:alex@misteralexander.com">alex@misteralexander.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">They must be using a fork or something. In a recent meeting it was brought up that their software base hasn't been updated since 2007. I'll definitely dive deeper in to that! Thanks!<br><br><div>Thanks,<br>Alexander.<br><br>Sent from my Samsung Galaxy S8+</div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Dec 14, 2018, 07:08 <<a href="mailto:amit@amitnepal.com" target="_blank">amit@amitnepal.com</a> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black">Are you sure syslog-ng is not updated in years ? Latest release is 3.19.1 released 23 hours ago. Wonder if I am mistaken.<br>
<br>
</div>
<div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black"><div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black">Get <a href="https://aka.ms/ghei36" rel="noreferrer" target="_blank">Outlook for Android</a></div>
<br>
</div>
<br><br><br>
<div class="gmail_quote">On Fri, Dec 14, 2018 at 6:42 AM -0700, "Snyder, Alexander J" <span dir="ltr"><<a href="mailto:alex@misteralexander.com" rel="noreferrer" target="_blank">alex@misteralexander.com</a>></span> wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="3D"ltr"">
<div dir="auto">We're currently using syslog-ng and are moving away from it as the project hasn't been updated in years (obscurity is not security). We're collecting with rsyslog and sending to Splunk for search and visualization.<div dir="auto"><br></div><div dir="auto">Right now we're only testing with rsyslog and only have it configured on a single host. We're building out a new DC and are going to setup rsyslog as primary.</div><div dir="auto"><br></div><div dir="auto">Im going to ask our ITSEC about the data points we're collecting and I'll let the group know what I find.<br><div dir="auto"><br><div dir="auto">Thanks,<br>Alexander.<br><br>Sent from my Samsung Galaxy S8+</div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Dec 12, 2018 20:56, "Amit Nepal" <<a href="mailto:amit@amitnepal.com" rel="noreferrer" target="_blank">amit@amitnepal.com</a>> wrote:<br type="attribution"><blockquote class="gmail-m_5014699789561420082m_6051751476146583245quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>I suggest looking into syslog-ng for centralized log server.
Clients can use rsyslog for unix and nxlog for windows. Syslog-ng
is scalable, high speed and provides a lot of features for
parsing, alerting, co-relating etc. You can Use Syslog-ng for
central log collection, send it to elasticsearch , analyze with
Kibana and visualize with grafana. I have been using all this on a
VM with 4G of RAM and 2 Cores of VCPU and seems to be working
okay. 15 servers including web and mail servers are sending logs
to the Log server. Additionally, I am also using wazuh for
alerting and sending data to elastic search as well. I believe,
the resource requirement will depend on the EPS rather than number
of hosts. <br>
</p>
<p>Thank You !<br>
</p>
<pre class="gmail-m_5014699789561420082m_6051751476146583245m_-6531421801677566766moz-signature" cols="72">Amit K Nepal
(OSCP, CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
</pre><div class="gmail-m_5014699789561420082m_6051751476146583245elided-text">
<div class="gmail-m_5014699789561420082m_6051751476146583245m_-6531421801677566766moz-cite-prefix">On 12/12/2018 2:09 PM, Snyder,
Alexander J wrote:<br>
</div>
</div><blockquote type="cite"><div class="gmail-m_5014699789561420082m_6051751476146583245elided-text">
<div dir="auto">Looking for suggestions on what kind of physical
resources would suggested to building a central logging server
for an enterprise company.
<div dir="auto"><br>
</div>
<div dir="auto">rsyslog is new for the company, so we're looking
to "do it right" from the ground up.</div>
<div dir="auto"><br>
</div>
<div dir="auto">How many hosts should be needed to log
networking and storage appliances?</div>
<div dir="auto"><br>
</div>
<div dir="auto">Advice on memory, CPU, and disk are requested.
Will be running CentOS7.<br>
<br>
<div dir="auto">Thanks,<br>
Alexander.<br>
<br>
Sent from my Samsung Galaxy S8+</div>
</div>
</div>
<br>
<fieldset class="gmail-m_5014699789561420082m_6051751476146583245m_-6531421801677566766mimeAttachmentHeader"></fieldset>
</div><div class="gmail-m_5014699789561420082m_6051751476146583245quoted-text"><pre class="gmail-m_5014699789561420082m_6051751476146583245m_-6531421801677566766moz-quote-pre">---------------------------------------------------
PLUG-discuss mailing list - <a class="gmail-m_5014699789561420082m_6051751476146583245m_-6531421801677566766moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org" rel="noreferrer noreferrer" target="_blank">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a class="gmail-m_5014699789561420082m_6051751476146583245m_-6531421801677566766moz-txt-link-freetext" href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</div></blockquote>
</div><div class="gmail-m_5014699789561420082m_6051751476146583245elided-text">
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" rel="noreferrer noreferrer" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></div></blockquote></div><br></div>
</div>
</blockquote>
</div>
</div></blockquote></div>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">James McPhee<br><a href="mailto:jmcphe@gmail.com" target="_blank">jmcphe@gmail.com</a></div>