I suggest looking into syslog-ng for a centralized log server. Clients can
use rsyslog for Unix and nxlog for Windows. Syslog-ng is scalable, high
speed and provides a lot of features for parsing, alerting, correlating,
etc. You can use syslog-ng for central log collection, send it to
Elasticsearch, analyze with Kibana and visualize with Grafana. I have
been using all this on a VM with 4G of RAM and 2 cores of vCPU and it seems
to be working okay. 15 servers including web and mail servers are
sending logs to the log server. Additionally, I am also using Wazuh for
alerting and sending data to Elasticsearch as well. I believe the
resource requirement will depend on the EPS rather than the number of hosts.
Thank you!
Amit K Nepal
(OSCP, CISM, CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
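As an added illustration of the collector side of the setup described above (not configuration from the poster or from the syslog-ng project), here is a minimal syslog-ng server config that accepts TLS-authenticated syslog from rsyslog/nxlog clients, ships it to a local Elasticsearch, and reports throughput counters so the EPS the sizing depends on can actually be measured. It assumes syslog-ng 3.21 or newer (for the elasticsearch-http() destination), Elasticsearch on 127.0.0.1:9200, and certificate paths under /etc/syslog-ng/tls/ that are placeholders.

```conf
@version: 3.21
@include "scl.conf"

# Emit internal counters every 60 s; "processed" counts per source/destination
# give the sustained events-per-second figure that drives CPU/disk sizing.
options { stats-freq(60); };

# Receive from clients over TLS on 6514 only; unauthenticated UDP 514 is not
# opened, so a rogue host on the network cannot inject or flood log events.
source s_clients {
    network(
        ip("0.0.0.0") port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/server.key")   # placeholder paths
            cert-file("/etc/syslog-ng/tls/server.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify(required-trusted)              # client certs must chain to ca.d
        )
    );
};

# Ship events to Elasticsearch as JSON, one index per day, with a disk buffer
# so a restart of Elasticsearch does not drop events.
destination d_elastic {
    elasticsearch-http(
        url("http://127.0.0.1:9200/_bulk")
        index("syslog-${YEAR}.${MONTH}.${DAY}")
        type("")                                       # empty type for ES 7+
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
        disk-buffer(reliable(no) mem-buf-length(10000) disk-buf-size(1073741824))
    );
};

log { source(s_clients); destination(d_elastic); };
```

On a Linux client the matching rsyslog piece is an omfwd action to port 6514 with the gtls stream driver and a disk-assisted queue, so events survive a collector outage rather than being lost.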
On 12/12/2018 2:09 PM, Snyder, Alexander J wrote:
Looking for suggestions on what kind of physical resources would be
suggested for building a central logging server for an enterprise company.
rsyslog is new for the company, so we're looking to "do it right" from
the ground up.
How many hosts should be needed to log networking and storage appliances?
Advice on memory, CPU, and disk are requested. Will be running CentOS7.
Thanks,
Alexander.
Sent from my Samsung Galaxy S8+
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss