Centralized logging can be a complex subject to discuss.  One of the more useful things to talk about is the number of messages per second you'll be processing.  There is tuning to rsyslog that you should do if you're going to be running it as a receiver and expect a reasonably large number of messages.

On Wed, Dec 12, 2018 at 3:14 PM Stephen Partington <cryptworks@gmail.com> wrote:
How many data sources are you looking at? 1000 10000?

On Wed, Dec 12, 2018, 2:10 PM Snyder, Alexander J <alex@misteralexander.com wrote:
Looking for suggestions on what kind of physical resources would suggested to building a central logging server for an enterprise company.

rsyslog is new for the company, so we're looking to "do it right" from the ground up.

How many hosts should be needed to log networking and storage appliances?

Advice on memory, CPU, and disk are requested. Will be running CentOS7.

Thanks,
Alexander.

Sent from my Samsung Galaxy S8+
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss


--
James McPhee
jmcphe@gmail.com