On 04/19/12 at 06:24pm, Florian Heigl wrote:
> 2012/4/19 Ski Kacoroski <[email protected]>:
> > Hi,
> >
> > I am in the process of redoing my logging architecture to support both *nix
> > and Windows platforms. We currently have Splunk, but because of the per/GB
> > pricing we have already decided that we cannot use it for all our logs
> > (which kind of defeats the purpose of a central logging system). So I was
> > looking at Graylog2 when my intern found NXlog. If anyone has used it for
> > either a complete system or just as a system to forward Windows logs to
> > a Unix-style logging system I would appreciate your comments. If you have
> > any other ideas for centralized logging infrastructures that support easy
> > ad hoc queries via a graphical interface, please let me know.
>
> There's also a "community Splunk clone" called logstash. It's not the
> same, but worth a look.
>
> Florian
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
I recently went through all of the research for setting up our own logging infrastructure. We accumulate ~20,000 log events a day from around 10-15 machines. Not too great, but the solution I ended up implementing is very scalable.

Going the open source route, we decided to use Graylog2 in combination with Logstash, and rsyslog on the individual machines to ship the logs to Logstash. We have Logstash and Graylog2 on the same machine, but they could easily be split out. Logstash receives the messages as syslog input (TCP) and then converts it to GELF and pushes it to Graylog2. We also have a second output module for dropping all logs to gzipped files in order to keep an archived copy. With our small amount of events this is feasible, but I'm not sure if this aspect is scalable. On the individual machines, rsyslog simply forwards the relevant syslog entries and can also process files for logs that aren't typically put into syslog.

This solution has worked well, especially since we get the archiving and no license is telling us how little we can store. It did take a bit more to set up than Splunk (which I also tested) but I think it was worth it.

Tim
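The Logstash stage Tim describes does two things with each forwarded line: turn the BSD syslog record into a GELF message for Graylog2, and write a compressed archive copy. The following is an added illustration of that stage, not Tim's configuration and not Logstash or rsyslog code; the sample lines are constructed, and the helper names (`parse_syslog`, `to_gelf`, `pipeline`, and so on) are hypothetical. It also shows the one caveat a forensic archive has to handle: RFC 3164 lines carry no year, so the collector must supply it rather than guess, and unparseable lines are rejected rather than silently dropped.

```python
"""Syslog (RFC 3164) -> GELF conversion plus a gzipped archive copy.

Added illustration of what the Logstash stage in the thread does.
Hypothetical helper code, not Logstash, rsyslog or Graylog2 code.
"""
import calendar
import gzip
import json
import os
import re
import tempfile
import zlib
from datetime import datetime

# Constructed sample input (not real log data): two lines in BSD syslog
# form, as rsyslog forwards them over TCP.
SAMPLE_LINES = [
    "<34>Apr 19 18:24:01 web01 sshd[2212]: Failed password for invalid user "
    "admin from 192.0.2.10 port 4022 ssh2",
    "<13>Apr 19 18:24:05 web01 myapp: request served in 12ms",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                              # PRI = facility*8 + severity
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "    # "Apr 19 18:24:01", no year
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?"       # "sshd[2212]:" or "myapp:"
    r"(?P<msg>.*)$"
)


def parse_syslog(line, year):
    """Parse one RFC 3164 line. BSD syslog carries no year, so the caller
    supplies it; a line that does not match is rejected, not guessed at."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog line: %r" % line)
    facility, severity = divmod(int(m.group("pri")), 8)
    ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
    return {
        "facility": facility,
        "severity": severity,
        "timestamp": ts,                  # naive datetime, treated as UTC below
        "host": m.group("host"),
        "program": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "message": m.group("msg"),
    }


def to_gelf(event):
    """Map a parsed event onto a GELF 1.0 message, the format Logstash's gelf
    output sends to Graylog2. GELF "level" uses syslog severity numbering and
    any extra fields are prefixed with "_"."""
    gelf = {
        "version": "1.0",
        "host": event["host"],
        "short_message": event["message"][:250],
        "full_message": event["message"],
        "timestamp": calendar.timegm(event["timestamp"].timetuple()),
        "level": event["severity"],
        "facility": event["program"],
        "_syslog_facility": event["facility"],
        "_syslog_severity": event["severity"],
    }
    if event["pid"] is not None:
        gelf["_pid"] = event["pid"]
    return gelf


def gelf_datagram(gelf):
    """GELF over UDP is the JSON document, zlib- (or gzip-) compressed."""
    return zlib.compress(json.dumps(gelf).encode("utf-8"))


def decode_gelf_datagram(payload):
    return json.loads(zlib.decompress(payload).decode("utf-8"))


def archive_lines(lines, path):
    """Second output: append raw lines to a gzipped archive so an unmodified
    copy survives independent of what the search backend retains. Appending
    produces a multi-member gzip file, which gzip readers handle."""
    with gzip.open(path, "at") as fh:
        for line in lines:
            fh.write(line + "\n")


def read_archive(path):
    with gzip.open(path, "rt") as fh:
        return [line.rstrip("\n") for line in fh]


def temp_archive_path():
    """A throwaway archive path so the example runs without a fixed location."""
    return os.path.join(tempfile.mkdtemp(), "syslog-archive.log.gz")


def pipeline(lines, archive_path, year=2012):
    """One collector batch: parse, convert to GELF datagrams, archive raw."""
    datagrams = [gelf_datagram(to_gelf(parse_syslog(l, year))) for l in lines]
    archive_lines(lines, archive_path)
    return datagrams


if __name__ == "__main__":
    for d in pipeline(SAMPLE_LINES, temp_archive_path()):
        print(json.dumps(decode_gelf_datagram(d), indent=2))
```

In the real deployment these steps are configuration rather than code: rsyslog forwards with a `*.* @@host:port` rule (the double `@` selects TCP, matching Tim's TCP syslog input) and monitors non-syslog files with its `imfile` module, while Logstash's syslog input, gelf output and file output do the parsing, conversion and gzipped archiving shown above.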
