03-24-2023 05:13 AM
Checking to see what is most commonly used out there.
If applications like Splunk or SolarWinds are used, would it be good to just send the logs there?
How about just spinning up a Windows or Linux VM and sending them there?
03-24-2023 06:57 AM
Hi
I've seen tons of companies who send logs to Linux servers. Windows I have not seen, but it is also possible, of course.
The advantage of Splunk or tools like that is that they are much more user-friendly when you need to investigate a problem by checking the logs.
What you can do is send the logs to a Linux server running a syslog service and then use Kibana, which is also free, to search the data, create dashboards, etc.
I saw big companies doing it this way.
03-24-2023 07:05 AM
Do you know what format the logs are sent in, let's say from an FTD?
03-24-2023 07:21 AM
It depends a little on how you configured syslog on the device. There are some filters you can choose; for example, if you configure it to debugging, you are going to send a lot of logs.
03-24-2023 06:50 PM
We have been using AKiPS (since 2017) as our NMS solution, and it has a syslog server function.
AKiPS allows me to use regex to "catch" which log entries will alert me to potential problems. For instance, if the logs contain the term "HOG" (for CPU HOG) or "MALLOC" (memory allocation error).
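The two mechanisms discussed in this thread, the severity filter set on the sending device (the "debugging" level mentioned above) and regex rules on the receiving side (the "HOG"/"MALLOC" catches), can be tried out offline. The script below is an added example and is not code from AKiPS, Cisco, or any poster in this thread. It parses Cisco-style syslog lines of the form `<PRI>timestamp: %FACILITY-SEVERITY-MNEMONIC: text`, derives facility and severity from the PRI field, reproduces what a `logging trap <level>` setting would let through, and runs regex alert rules over the remainder. The sample lines, the rule names `cpu_hog` and `memory_alloc`, and the function names are all constructed for the example; the sample messages are not captures from a real device.

```python
"""Parse Cisco-style syslog lines, apply a trap-level filter, and run regex alert rules.

Added example for this thread; not code from AKiPS, Cisco, or any poster.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Cisco severity levels as used by 'logging trap <level>' (0 = most severe).
SEVERITY_NAMES = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
                  4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# <PRI>Mon DD YYYY HH:MM:SS: %FACILITY-SEV-MNEMONIC: message text
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2}):\s+"
    r"%(?P<mnemonic>[A-Z0-9_]+-\d-[A-Z0-9_]+):\s+(?P<text>.*)$"
)


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    timestamp: str
    mnemonic: str
    text: str


def parse_line(line: str) -> Optional[SyslogEvent]:
    """Split the PRI field into facility/severity (PRI = facility*8 + severity)
    and pull out the Cisco mnemonic. Returns None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest valid PRI
        return None
    return SyslogEvent(facility=pri >> 3, severity=pri & 7,
                       timestamp=m["ts"], mnemonic=m["mnemonic"], text=m["text"])


# Regex alert rules in the spirit of the "HOG" / "MALLOC" catches; rule names are hypothetical.
ALERT_RULES = {
    "cpu_hog": re.compile(r"HOG"),          # e.g. SYS-3-CPUHOG
    "memory_alloc": re.compile(r"MALLOC"),  # e.g. SYS-2-MALLOCFAIL
}


def trap_filter(events: List[SyslogEvent], trap_level: int) -> List[SyslogEvent]:
    """Keep what a device configured with 'logging trap <trap_level>' would actually send:
    everything at that severity or more severe (numerically lower or equal)."""
    return [e for e in events if e.severity <= trap_level]


def find_alerts(events: List[SyslogEvent]) -> List[Tuple[str, str]]:
    """Return (rule_name, mnemonic) for each event whose mnemonic or text matches a rule."""
    hits = []
    for e in events:
        haystack = f"{e.mnemonic} {e.text}"
        for name, rx in ALERT_RULES.items():
            if rx.search(haystack):
                hits.append((name, e.mnemonic))
    return hits


# Constructed sample lines (not captured from a real device). PRI is 23*8+sev for the
# IOS-style messages and 20*8+sev (facility local4) for the FTD-style connection message.
SAMPLE_LINES = [
    "<189>Mar 24 2023 05:13:01: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.20)",
    "<187>Mar 24 2023 05:13:05: %SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (2/2),process = IP Input.",
    "<186>Mar 24 2023 05:13:09: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x60ABCDEF, pool Processor, alignment 0",
    "<191>Mar 24 2023 05:13:12: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): maintenance window starting",
    "<166>Mar 24 2023 05:13:15: %FTD-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.0.2.10/51234 (192.0.2.10/51234)",
]


def scan(lines: List[str], trap_level: int = 7):
    """Parse lines, drop what the device would not send at trap_level, then run the rules."""
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    forwarded = trap_filter(events, trap_level)
    return forwarded, find_alerts(forwarded)


if __name__ == "__main__":
    forwarded, alerts = scan(SAMPLE_LINES, trap_level=4)  # 'logging trap warnings'
    for e in forwarded:
        print(f"{SEVERITY_NAMES[e.severity]:>13} {e.mnemonic}: {e.text[:60]}")
    print("alerts:", alerts)
```

Running it with `trap_level=7` forwards all five sample events and raises two alerts; with `trap_level=4` only the severity 3 and 2 messages reach the collector, which is still enough for both rules to fire, and the debug and informational noise never leaves the device.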