Answer

What would be the pros/cons of putting an edge client on their syslog server

Forum|Forum|8 months ago
March 11, 2025
11 replies
26 views

Franky Laarits
Employee

Our networking group collects events to their own syslog server and refuse to send the events directly to use from the network devices. We have to use their syslog relay. Wondering, what would be the pros/cons of putting an edge client on their syslog server instead. Could it keep up? The edge client would read from logfiles. Any other considerations?

Best answer by Brendan Dalpe

Edge should be able to handle picking up the files and forwarding to a Stream Worker Group with a passthru pipeline on the Edge side.

X

xpac xpac
Participating Frequently
Forum|Forum|8 months ago
March 11, 2025

Yes

Like

X

xpac xpac
Participating Frequently
Forum|Forum|8 months ago
March 11, 2025

No

Like

X

xpac xpac
Participating Frequently
Forum|Forum|8 months ago
March 11, 2025

The actual answer depends on little details like "how much data are we talking about"

Like

D

dritan
Employee
Forum|Forum|8 months ago
March 11, 2025

what xpac said. you should be good!

Like

F

Franky Laarits
Author
Employee
Forum|Forum|8 months ago
March 11, 2025

assuming that I'm just routing this to stream (no processing done at the edge client) - could it handle a couple of hudred gigabytes a day?

Like

D

dritan
Employee
Forum|Forum|8 months ago
March 11, 2025

oh yeah, easily

Like

C

Corey McClure
Employee
Forum|Forum|8 months ago
March 11, 2025

Do keep in mind most of the networking gear sending stuff is syslog/udp so no guarantees

Like

C

Corey McClure
Employee
Forum|Forum|8 months ago
March 11, 2025

and they produce a LOT of junk

Like

C

Corey McClure
Employee
Forum|Forum|8 months ago
March 11, 2025

We just setup a networking worker group which consumes everything, normalizes things as much as possible before indexing it in splunk. The ciscos/junipers/aristas are all a bit bonkers