rsyslog host
Amit Nepal
amit at amitnepal.com
Wed Dec 12 20:47:10 MST 2018
I suggest looking into syslog-ng for a centralized log server. Clients can
use rsyslog for Unix and nxlog for Windows. Syslog-ng is scalable, high
speed and provides a lot of features for parsing, alerting, correlating,
etc. You can use syslog-ng for central log collection, send it to
Elasticsearch, analyze with Kibana and visualize with Grafana. I have
been using all this on a VM with 4G of RAM and 2 cores of vCPU and it seems
to be working okay. 15 servers including web and mail servers are
sending logs to the log server. Additionally, I am also using Wazuh for
alerting and sending data to Elasticsearch as well. I believe the
resource requirement will depend on the EPS rather than the number of hosts.
Thank you!
Amit K Nepal
(OSCP, CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
On 12/12/2018 2:09 PM, Snyder, Alexander J wrote:
> Looking for suggestions on what kind of physical resources would be
> suggested for building a central logging server for an enterprise company.
>
> rsyslog is new for the company, so we're looking to "do it right" from
> the ground up.
>
> How many hosts should be needed to log networking and storage appliances?
>
> Advice on memory, CPU, and disk are requested. Will be running CentOS7.
>
> Thanks,
> Alexander.