Re: rsyslog host

Author: Amit Nepal
Date:  
To: plug-discuss
Subject: Re: rsyslog host
I suggest looking into syslog-ng for a centralized log server. Clients can
use rsyslog for Unix and nxlog for Windows. Syslog-ng is scalable, high
speed and provides a lot of features for parsing, alerting, correlating,
etc. You can use syslog-ng for central log collection, send it to
Elasticsearch, analyze with Kibana and visualize with Grafana. I have
been using all this on a VM with 4G of RAM and 2 cores of VCPU and it seems
to be working okay. 15 servers, including web and mail servers, are
sending logs to the log server. Additionally, I am also using Wazuh for
alerting and sending data to Elasticsearch as well. I believe the
resource requirement will depend on the EPS rather than the number of hosts.

Thank You !

Amit K Nepal
(OSCP, CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)

On 12/12/2018 2:09 PM, Snyder, Alexander J wrote:
> Looking for suggestions on what kind of physical resources would be
> suggested for building a central logging server for an enterprise company.
>
> rsyslog is new for the company, so we're looking to "do it right" from
> the ground up.
>
> How many hosts should be needed to log networking and storage appliances?
>
> Advice on memory, CPU, and disk are requested. Will be running CentOS7.
>
> Thanks,
> Alexander.
>
> Sent from my Samsung Galaxy S8+
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
