I suggest looking into syslog-ng for a centralized log server. Clients can use rsyslog for Unix and nxlog for Windows.

Syslog-ng is scalable, high speed and provides a lot of features for parsing, alerting, correlating, etc. You can use syslog-ng for central log collection, send it to Elasticsearch, analyze with Kibana and visualize with Grafana. I have been using all this on a VM with 4G of RAM and 2 Cores of VCPU and it seems to be working okay. 15 servers including web and mail servers are sending logs to the log server. Additionally, I am also using Wazuh for alerting and sending data to Elasticsearch as well.

I believe the resource requirement will depend on the EPS rather than the number of hosts.

Thank you!

Amit K Nepal
(OSCP, CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)

On 12/12/2018 2:09 PM, Snyder, Alexander J wrote:
> Looking for suggestions on what kind of physical resources would be
> suggested for building a central logging server for an enterprise company.
>
> rsyslog is new for the company, so we're looking to "do it right" from
> the ground up.
>
> How many hosts should be needed to log networking and storage appliances?
>
> Advice on memory, CPU, and disk are requested. Will be running CentOS7.
>
> Thanks,
> Alexander.
>
> Sent from my Samsung Galaxy S8+