Re: rsyslog host

Author: Snyder, Alexander J
Date:  
To: amit, PLUG Distro
Subject: Re: rsyslog host
We're currently using syslog-ng and are moving away from it as the project
hasn't been updated in years (obscurity is not security). We're collecting
with rsyslog and sending to Splunk for search and visualization.

Right now we're only testing with rsyslog and only have it configured on a
single host. We're building out a new DC and are going to setup rsyslog as
primary.

I'm going to ask our ITSEC about the data points we're collecting and I'll
let the group know what I find.

Thanks,
Alexander.

Sent from my Samsung Galaxy S8+

On Dec 12, 2018 20:56, "Amit Nepal" <> wrote:

I suggest looking into syslog-ng for a centralized log server. Clients can
use rsyslog for Unix and nxlog for Windows. Syslog-ng is scalable, high
speed and provides a lot of features for parsing, alerting, correlating
etc. You can use syslog-ng for central log collection, send it to
Elasticsearch, analyze with Kibana and visualize with Grafana. I have been
using all this on a VM with 4G of RAM and 2 cores of vCPU and it seems to be
working okay. 15 servers including web and mail servers are sending logs to
the log server. Additionally, I am also using Wazuh for alerting and
sending data to Elasticsearch as well. I believe the resource
requirement will depend on the EPS rather than the number of hosts.

Thank You !

Amit K Nepal
(OSCP, CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)


On 12/12/2018 2:09 PM, Snyder, Alexander J wrote:

Looking for suggestions on what kind of physical resources would be suggested
for building a central logging server for an enterprise company.

rsyslog is new for the company, so we're looking to "do it right" from the
ground up.

How many hosts should be needed to log networking and storage appliances?

Advice on memory, CPU, and disk is requested. Will be running CentOS7.

Thanks,
Alexander.

Sent from my Samsung Galaxy S8+
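
Added example, not code from anyone in this thread: Amit's point is that the central server should be sized by events per second (EPS) rather than host count, and Alexander asked for memory, CPU and disk guidance. The script below takes a sample of RFC 3164 style syslog lines (constructed here; hostnames and messages are made up), measures peak and average EPS, bytes per event and the number of distinct senders, and projects uncompressed disk usage for a retention period. Malformed lines are skipped rather than aborting the sizing.

```python
import re
from collections import Counter

# Constructed sample in RFC 3164 style (not real traffic); hostnames, PIDs
# and addresses are made up.
SAMPLE = """\
<34>Dec 12 20:56:01 web01 sshd[1234]: Accepted publickey for deploy from 10.0.0.5 port 51022
<30>Dec 12 20:56:01 web01 systemd[1]: Started Session 42 of user deploy.
<30>Dec 12 20:56:01 mail01 postfix/smtpd[2211]: connect from unknown[10.0.0.9]
<30>Dec 12 20:56:02 mail01 postfix/smtpd[2211]: disconnect from unknown[10.0.0.9]
<38>Dec 12 20:56:02 web02 sshd[777]: Failed password for invalid user admin from 10.0.0.7 port 40022 ssh2
<30>Dec 12 20:56:03 web02 cron[900]: (root) CMD (run-parts /etc/cron.hourly)
"""

# <PRI>Mon DD HH:MM:SS host rest-of-message
LINE_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

def parse(text):
    """Yield (timestamp_key, host, bytes_on_wire) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip garbage; one bad line must not break the estimate
        yield m.group(2), m.group(3), len(line.encode()) + 1  # +1 for newline

def eps_profile(text):
    """Aggregate a sample into the numbers that actually drive sizing."""
    per_second = Counter()
    hosts = set()
    total_bytes = 0
    for ts, host, nbytes in parse(text):
        per_second[ts] += 1   # second-resolution bucket keyed by timestamp text
        hosts.add(host)
        total_bytes += nbytes
    events = sum(per_second.values())
    seconds = len(per_second)
    return {
        "events": events,
        "hosts": len(hosts),
        "peak_eps": max(per_second.values(), default=0),
        "avg_eps": events / seconds if seconds else 0.0,
        "bytes_per_event": total_bytes / events if events else 0.0,
    }

def storage_bytes(eps, bytes_per_event, retention_days):
    """Uncompressed disk needed to keep `retention_days` of logs at `eps`."""
    return int(eps * bytes_per_event * 86400 * retention_days)

if __name__ == "__main__":
    p = eps_profile(SAMPLE)
    print(p, storage_bytes(p["peak_eps"], p["bytes_per_event"], 90))
```

Feed it a day of real output from the existing collector (sampled at the busiest hour) and size for peak EPS, not the average; on-disk compression and index overhead will move the storage figure in opposite directions.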

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
