 From:  "Ryan Crisman" <rcrisman at tentec dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Syslog server
 Date:  Thu, 29 Mar 2007 23:07:51 -0400
Yea Kimmo, that's what I have done. I use Splunk as the search and
display front end for it, but I do have syslog-ng running.

The server is powered by Linux - Distro Gentoo.

On 3/29/07, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
>
> On 3/29/07, Ryan Crisman <rcrisman at tentec dot com> wrote:
> > We are using the paid version right now.  But there is a Free version
> > that limits you to 10,000 logs per day.
>
> Isn't it 500MB of raw data per day for the free version? You also lose
> some options with the free version, like password protected logins and
> multiple users.
>
> Anyway; if you are using (or can consider using) a *nix based machine
> as your log server, preferably Solaris 10 ;), you should install
> syslog-ng on that one.
>
> syslog-ng is an extremely configurable syslog daemon and allows you to
> filter, sort, send to multiple destinations etc etc. Using syslog-ng
> there would be no problem sending your logs to both a Splunk server
> (by, for instance, creating a named pipe) and an SQL database, while
> still writing everything to directories on disk for simple text
> searches and easy backup of the "raw" data.
>
> It's hardly plug and play, but it's not incomprehensible either and it
> does give you great flexibility and performance.
>
> Personally, while I love Splunk and use it a lot myself, I wouldn't
> use it as the only syslog server component. In my opinion it firmly
> belongs in the log searching tool department where it excels, not as
> the only log storage one has. Fortunately, by placing a syslog-ng in
> front of it and copying off data to it via a named pipe, one can both
> retain the raw log files and get all the benefits of Splunk.
>
> --
> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
>
> "Much of the social history of the Western world over the past three
> decades has involved replacing what worked with what sounded good." --
> Thomas Sowell
>


-- 
Ryan Crisman
Ten-Tec, Inc.
1185 Dolly Parton Parkway
Sevierville TN, 37862
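The syslog-ng layout Kimmo describes above (raw files kept on disk plus a copy pushed into Splunk through a named pipe), written out as an added example that is not part of this thread. It uses syslog-ng 3 syntax and assumes the firewall address, pipe path and log directory given in the comments.

```conf
@version: 3.0
# Added example (not from the mailing list thread). Assumptions:
#   - the m0n0wall box sends syslog from 192.168.1.1 over UDP/514
#   - Splunk is configured to read the FIFO /var/run/splunk-syslog.pipe
#   - the FIFO already exists (created with: mkfifo /var/run/splunk-syslog.pipe)

options {
    keep_hostname(yes);   # record the firewall's own hostname, not the relay's
    chain_hostnames(no);
    create_dirs(yes);     # let the file() destination create per-host directories
    use_dns(no);          # no reverse lookups in the log path: faster, no DNS dependency
};

# m0n0wall speaks classic BSD syslog over UDP
source s_firewall {
    udp(ip("0.0.0.0") port(514));
};

# only accept messages that really come from the firewall address
filter f_firewall { netmask("192.168.1.1/32"); };

# raw archive on disk: one directory per host, one file per day,
# readable only by root and the adm group
destination d_archive {
    file("/var/log/remote/$HOST/$YEAR-$MONTH-$DAY.log"
         owner("root") group("adm") perm(0640));
};

# second copy into the named pipe that Splunk tails as an input
destination d_splunk {
    pipe("/var/run/splunk-syslog.pipe");
};

# one log path, two destinations: disk copy survives even if Splunk is down
log {
    source(s_firewall);
    filter(f_firewall);
    destination(d_archive);
    destination(d_splunk);
};
```

Check the result with `syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf` before restarting the daemon, and confirm a reader is attached to the FIFO, since messages written to a pipe nobody reads are not archived by Splunk.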