https://github.com/balabit/syslog-ng

Though I've also switched to rsyslog. There have been too many fiddly bits when using the advanced functions of syslog-ng for me to trust it.

On Fri, Dec 14, 2018 at 8:54 AM Snyder, Alexander J <alex@misteralexander.com> wrote:

> They must be using a fork or something. In a recent meeting it was brought
> up that their software base hasn't been updated since 2007. I'll definitely
> dive deeper into that! Thanks!
>
> Thanks,
> Alexander.
>
> Sent from my Samsung Galaxy S8+
>
> On Fri, Dec 14, 2018, 07:08
>
>> Are you sure syslog-ng is not updated in years? Latest release is 3.19.1,
>> released 23 hours ago. Wonder if I am mistaken.
>>
>> Get Outlook for Android
>>
>> On Fri, Dec 14, 2018 at 6:42 AM -0700, "Snyder, Alexander J" <alex@misteralexander.com> wrote:
>>
>>> We're currently using syslog-ng and are moving away from it as the
>>> project hasn't been updated in years (obscurity is not security). We're
>>> collecting with rsyslog and sending to Splunk for search and visualization.
>>>
>>> Right now we're only testing with rsyslog and only have it configured on
>>> a single host. We're building out a new DC and are going to set up rsyslog
>>> as primary.
>>>
>>> I'm going to ask our ITSEC about the data points we're collecting and
>>> I'll let the group know what I find.
>>>
>>> Thanks,
>>> Alexander.
>>>
>>> Sent from my Samsung Galaxy S8+
>>>
>>> On Dec 12, 2018 20:56, "Amit Nepal" wrote:
>>>
>>> I suggest looking into syslog-ng for a centralized log server. Clients can
>>> use rsyslog for unix and nxlog for windows. Syslog-ng is scalable, high
>>> speed and provides a lot of features for parsing, alerting, correlating
>>> etc. You can use syslog-ng for central log collection, send it to
>>> Elasticsearch, analyze with Kibana and visualize with Grafana. I have been
>>> using all this on a VM with 4G of RAM and 2 cores of vCPU and it seems to be
>>> working okay. 15 servers including web and mail servers are sending logs to
>>> the log server. Additionally, I am also using wazuh for alerting and
>>> sending data to Elasticsearch as well. I believe the resource
>>> requirement will depend on the EPS rather than the number of hosts.
>>>
>>> Thank You!
>>>
>>> Amit K Nepal
>>> (OSCP, CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
>>>
>>> On 12/12/2018 2:09 PM, Snyder, Alexander J wrote:
>>>
>>> Looking for suggestions on what kind of physical resources would be
>>> suggested for building a central logging server for an enterprise company.
>>>
>>> rsyslog is new for the company, so we're looking to "do it right" from
>>> the ground up.
>>>
>>> How many hosts should be needed to log networking and storage appliances?
>>>
>>> Advice on memory, CPU, and disk are requested. Will be running CentOS7.
>>>
>>> Thanks,
>>> Alexander.
>>>
>>> Sent from my Samsung Galaxy S8+
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
James McPhee
jmcphe@gmail.com
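As an added example, not code from anyone in this thread, here is what the central collector Alexander describes could look like on rsyslog 8.x as shipped with CentOS 7: a TCP listener for the clients, per-host files for local retention, and a forwarded copy to a Splunk TCP input, with disk-assisted queues sized for EPS rather than host count (Amit's point). The listen port, file paths, Splunk hostname/port and queue sizes are all assumptions.

```conf
# /etc/rsyslog.d/10-collector.conf  (assumed path; rsyslog 8.x on CentOS 7)

# Accept syslog over TCP from the clients. TCP rather than UDP so bursts are
# not silently dropped. Port 514 and the session limit are assumptions.
module(load="imtcp" maxSessions="2000")
input(type="imtcp" port="514" ruleset="collect")

# One file per sending host and day, so disk use and retention can be
# reasoned about per source. The base directory is an assumption.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log")

# Ruleset with its own disk-assisted queue: messages spill to a file under
# rsyslog's work directory instead of being dropped when the disk is slow.
# 100000 in memory, up to 2 GiB on disk (assumed sizing; derive from EPS).
ruleset(name="collect"
        queue.type="LinkedList"
        queue.size="100000"
        queue.filename="collect_q"
        queue.maxDiskSpace="2g"
        queue.saveOnShutdown="on") {

    # Local copy kept for retention and later investigation; restrictive
    # modes so only the collector's own tooling reads the raw logs.
    action(type="omfile" dynaFile="PerHostFile"
           dirCreateMode="0750" fileCreateMode="0640")

    # Forward a copy to Splunk's TCP syslog input (host/port are
    # placeholders). Separate queue plus unlimited retries so a Splunk
    # outage neither stalls the local write nor loses events.
    action(type="omfwd"
           target="splunk-indexer.example.internal" port="1514" protocol="tcp"
           queue.type="LinkedList"
           queue.size="50000"
           queue.filename="fwd_splunk_q"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Open the listen port only to the client networks in the host firewall, and revisit queue.size and queue.maxDiskSpace once you have measured real EPS and average message size rather than counting hosts.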