What would be the pros/cons of putting an edge client on their syslog server?
Our networking group collects events to their own syslog server and refuses to send the events directly to us from the network devices. We have to use their syslog relay. Wondering, what would be the pros/cons of putting an edge client on their syslog server instead? Could it keep up? The edge client would read from logfiles. Any other considerations?
Best Answer
-
Edge should be able to handle picking up the files and forwarding to a Stream Worker Group with a passthru pipeline on the Edge side.
1
Answers
-
Yes
0 -
No
0 -
The actual answer depends on little details like "how much data are we talking about"
0 -
what xpac said. you should be good!
0 -
assuming that I'm just routing this to stream (no processing done at the edge client) - could it handle a couple of hundred gigabytes a day?
0 -
oh yeah, easily
0 -
Do keep in mind most of the networking gear sending stuff is syslog/udp so no guarantees
0 -
and they produce a LOT of junk
0 -
We just set up a networking worker group which consumes everything, normalizes things as much as possible before indexing it in Splunk. The Ciscos/Junipers/Aristas are all a bit bonkers
0 -
my first 3 log types!
0 -