
Our networking group collects events to their own syslog server and refuses to send the events directly to us from the network devices. We have to use their syslog relay. Wondering, what would be the pros/cons of putting an edge client on their syslog server instead? Could it keep up? The edge client would read from logfiles. Any other considerations?

Yes


No


The actual answer depends on little details like "how much data are we talking about" :grin:


what xpac said. you should be good!


assuming that I'm just routing this to Stream (no processing done at the edge client), could it handle a couple of hundred gigabytes a day?


oh yeah, easily


Do keep in mind most of the networking gear sending stuff is syslog/udp so no guarantees


and they produce a LOT of junk


We just set up a networking worker group which consumes everything and normalizes things as much as possible before indexing it in Splunk. The Ciscos/Junipers/Aristas are all a bit bonkers


my first 3 log types!


Edge should be able to handle picking up the files and forwarding to a Stream Worker Group with a passthru pipeline on the Edge side.

