The splunk agent footprint is very small and the polling isn't as noisy as you'd expect, I've run the software both ways and have no real complaints either way. Really it boils down to what are you comfortable with.
Please excuse typos, I'm on my mobile On Jul 10, 2012, at 21:39, anthony kasza <[email protected]> wrote: > The time between polling is configurable. > I too prefer agents as it takes the resource burden away from a single > machine and provides real time log collection. Installing agents isn't > always the best solution, however. > I've been told that Splunk agents (known as Universal Forwarders) have > a minimal resource footprint but I have never used one. > > -AK > > On Tue, Jul 10, 2012 at 8:04 PM, Champ Clark III <[email protected]> > wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 7/10/12 8:50 PM, anthony kasza wrote: >>> Conceptually similar to SNMP, but not the same. You configure >>> Splunk with a service account. Periodically, Splunk will login to >>> those designated systems and collect WMI information. The service >>> account needs the proper rights and privileges to read WMI on each >>> system. >> >> Thank you. I was using SNMP-trap in my example, but that was >> incorrect. SNMP is a better analogy. >> >> That's the way I was told WMI, which I've never used, worked. How >> often does polling typically take place? I assume that configurable? >> >> I typically don't like systems that have to manually "poll" for logs. >> Hence the reason I believe loading the agent is better. However, >> the downfall of that is... well... you have to load the agent... Some >> organizations/people don't like that idea either. >> >> >> - -- >> - - Champ Clark III ([email protected]) >> Quadrant Information Security (http://quadrantsec.com) >> Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A >> GPG Key ID: 0381878A >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG/MacGPG2 v2.0.17 (Darwin) >> Comment: GPGTools - http://gpgtools.org >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> >> iQEcBAEBAgAGBQJP/NEzAAoJENnmXt7Lmc3KLcYH/ihIDmKtJfbgSdlFMwRVI9j9 >> I41Kcpz1cvL817VhgY0mv4uKYNnQ4laSrRYHkAhI4bkIVRkGOV3aEez8vl/0t83R >> z5z1Bdr0T/+VNDLAuJRM3AqlUn6BPQ/8Z7WRBKAyJ0PZZiSwcxWvWRNhRvrBRczS >> 086j0hIoDQr/K/3yIwJnvbk+5bcgRqSfsv7B3Etaz/OKoYCcN/TRGu8+pjMeRF1g >> D+f7x/jPpzhGTlc/JIMS1EnBIqq8YEjJ34IJuoT7vK+HSx5mJ1sGiP+aO6X23YJ6 >> Xzv7y9Dfq1dFB4ZmmUj7LVA/4wDLAbi5OQIqkpTd/2oQMjtHj2mA6zWhb8PVCz4= >> =6QkV >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
