Syslog server choice

Adrian41 · ‎11-29-2023

Hello,

I am looking at setting up a syslog server in AWS and it will most likely be going on a linux instance.

Does anyone have any recommendations for software? Ideally would like it to be free and as easy to setup as possible.

(I am new to both Linux and setting up syslog servers.).

I see a lot of people use Kiwi but its only Windows. If that's really the best choice we can spin up a Windows instance but I'm told to try and avoid it 😛

Thanks!

MerakiGnome · ‎11-29-2023

unfortunately i've only used Kiwi for the free and easy piece and mainly for troubleshooting on the fly. Spin it up, use the trial licence and then blow the instance away. I've not seen a linux instance of a syslog server but i'm sure they exist.

Darren OConnor
https://www.linkedin.com/in/darrenoconnor

Adrian41 · ‎11-29-2023

also - I see in the list of features for many of the options, they state the max number of log sources.....for Meraki, would the logs all come from the Meraki cloud so to speak and seem as one source? or would each individual device count as a source?

aleabrahao · ‎11-29-2023

The dude syslog is a great option.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Brash · ‎11-29-2023

I've not had too much experience with free syslog servers but I've heard people liking Graylog

https://graylog.org/downloads/

Adrian41 · ‎11-29-2023

does anyone know the answer to this?

I see in the list of features for many of the options, they state the max number of log sources.....for Meraki, would the logs all come from the Meraki cloud so to speak and seem as one source? or would each individual device count as a source?

aleabrahao · ‎11-29-2023

In the context of Cisco Meraki, each individual device such as MX Security Appliances, MR Access Points, and MS switches can be configured to send syslog messages to a syslog server. These devices generate different types of logs, including system logs, traffic logs, event logs, IDS alerts, URLs, and flows. Therefore, each device would count as a separate log source.

This might give the impression of a single source, but in reality, each device is a separate source of logs.

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration

Please consult with your Cisco Meraki representative for the most accurate information as it can vary based on your specific network configuration.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Adrian41 · ‎11-29-2023

cheers

Philip D'Ath · ‎11-29-2023

Meraki has a walk-through for doing this.
https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration#Configuring_a_Syslog_Server

syslog-ng is the modern version of the traditional syslog daemon for Linux.