Taming the SYSLOG Beast
By Roger Boivin
Why you need to tame the SYSLOG Beast

Logging is a fundamental requirement of any system. Things will go wrong, and we need a way to know quickly, then diagnose and isolate the cause. No matter what operating system you use, one of the best sources of diagnostic information is the system log. It is a fundamental tool for the system administrator for spotting unusual activity, diagnosing and isolating problems, and confirming that systems are running as configured. SYSLOG's benefits include:

- General network administration
- Debugging problems
- Network health
- Proactive system/problem analysis
- Intrusion detection
- Incident containment
- Forensic analysis

So what? You have implemented a SYSLOG server, and everything is running fine. When does your SYSLOG solution become a Beast? Over time, as your environment grows and expands; we all know about the exponential growth occurring today with Cloud/Hybrid Cloud, remote workers and 5G. Soon the existing SYSLOG system reaches its capacity, and additional collectors, indexers and storage are needed. The Beast needs food: more hardware and/or virtual instances. The Beast begins to devour more and more of your IT budget, in capital expenses (more servers) and in operating expenses for the staff who manage and maintain the system.

What can you do? Find a solution that can devour this Beast without killing your budget. How about a software-based solution that handles 200 million SYSLOG records a day using only 10-12% of the CPU capacity of one standard server at peak traffic? How about a solution that handles 20 billion SYSLOG records a day on only 3 servers? Such efficient indexing requires only 140 bytes of storage per record. Some network operators will keep using the solution they first implemented and put up with the Beast. Others will investigate the latest solutions and switch. Isn't it worth a review at no cost to you?

Take a look at the next generation SYSLOG solution, which is much more cost effective and adapts easily to the cloud environment you are planning to implement. Yes, next generation SYSLOG systems still require hardware to reside on, just a lot less of it! What are the benefits?

- Syslog events are stored in two formats, raw and indexed
- Rule based real-time alerts
- Grows from 25K to 2 Million records/minute on one server
- Easily evolves to virtual machines or the cloud
- Centralized monitoring, management and analysis of each network element, with real-time alerting and notifications.
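The two items in that list that carry technical weight are raw-plus-indexed storage and rule-based real-time alerting. What follows is an added example written for this page, not the vendor's product code, showing what those two properties mean in practice: a toy collector that keeps every line verbatim, builds an in-memory index by host and severity, and runs alert rules on each event as it arrives. The BSD-style `<PRI>` line layout, the hostnames, the sample lines and the brute-force threshold are all assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Assumed BSD-style line layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

@dataclass
class Event:
    raw: str          # the untouched line, kept for forensics
    facility: int     # PRI // 8
    severity: int     # PRI % 8 (0 = emerg ... 7 = debug)
    host: str
    tag: str
    msg: str

def parse(line: str) -> Optional[Event]:
    """Decode one line; return None for anything that is not well-formed syslog."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                      # highest legal PRI: facility 23, severity 7
        return None
    return Event(line, pri // 8, pri % 8, m["host"], m["tag"], m["msg"])

@dataclass
class Store:
    raw: list = field(default_factory=list)                                # append-only raw copy
    by_host: dict = field(default_factory=lambda: defaultdict(list))       # host -> raw offsets
    by_severity: dict = field(default_factory=lambda: defaultdict(list))   # severity -> raw offsets
    failed_logins: dict = field(default_factory=lambda: defaultdict(int))  # per-source rule state
    alerts: list = field(default_factory=list)

    def ingest(self, line: str) -> Optional[Event]:
        ev = parse(line)
        if ev is None:
            # A collector must never silently drop input: surface it as an alert.
            self.alerts.append(("unparsed", "-", line))
            return None
        offset = len(self.raw)
        self.raw.append(ev.raw)
        self.by_host[ev.host].append(offset)
        self.by_severity[ev.severity].append(offset)
        for rule in RULES:             # real-time: every rule runs on the event as it arrives
            alert = rule(self, ev)
            if alert:
                self.alerts.append(alert)
        return ev

    def query(self, host=None, max_severity=7):
        """Answer a query from the index, then return the raw lines it points at."""
        hits = set(range(len(self.raw))) if host is None else set(self.by_host.get(host, []))
        hits &= {i for s in range(max_severity + 1) for i in self.by_severity.get(s, [])}
        return [self.raw[i] for i in sorted(hits)]

def rule_critical(store: Store, ev: Event):
    # Anything at crit or worse is alerted on immediately.
    if ev.severity <= 2:
        return ("critical", ev.host, ev.msg)
    return None

FAIL_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")
BRUTE_FORCE_THRESHOLD = 3   # assumed threshold; tune per environment

def rule_brute_force(store: Store, ev: Event):
    # Count failed SSH logins per source address; alert once when the threshold is hit.
    m = FAIL_RE.search(ev.msg)
    if not m:
        return None
    src = m.group(1)
    store.failed_logins[src] += 1
    if store.failed_logins[src] == BRUTE_FORCE_THRESHOLD:
        return ("brute_force", ev.host, src)
    return None

RULES = [rule_critical, rule_brute_force]

# Constructed sample feed for this example; not captured from any real system.
SAMPLE_LINES = [
    "<38>Mar  1 10:00:01 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 4000 ssh2",
    "<38>Mar  1 10:00:02 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    "<38>Mar  1 10:00:03 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2",
    "<2>Mar  1 10:00:05 db01 kernel: Out of memory: Kill process 4321 (postgres)",
    "this is not syslog at all",
    "<13>Mar  1 10:00:07 web01 cron[55]: (root) CMD (run-parts /etc/cron.hourly)",
]

def run_sample() -> Store:
    store = Store()
    for line in SAMPLE_LINES:
        store.ingest(line)
    return store

if __name__ == "__main__":
    print(*run_sample().alerts, sep="\n")
```

Running the sample feed produces three alerts in arrival order: the brute-force rule fires on the third failed login from 203.0.113.5, the kernel out-of-memory line (severity 2, crit) is flagged immediately, and the malformed line is reported rather than dropped. The index only stores integer offsets into the raw list, which is what keeps the per-record overhead small while still letting a query such as `query(host="db01", max_severity=2)` return the original, unaltered line for forensic use.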