Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
877
Views
1
Helpful
4
Replies

Best appliance to use for external logging server?

CiscoPurpleBelt
Level 6
Level 6

‎03-24-2023 05:13 AM

Checking to see what is most commonly used out there?
If applications like Splunk or Solarwinds is used, would it be good to just send there?
How about just spinning up a Windows or Linux VM and sending there?

Labels:
0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎03-24-2023 06:57 AM

Hi

 I've seen tons of company who send logs to linux servers. Windows did not see but it is also possible of course. 

The advantage of Splunk or tools like that it is much more user friendly when you need to investigate a problem by checking the logs.

What you can do is send the logs to a linux server running syslog service and then use Kibana, which is also free to search data, create dashboards etc

I saw big companies using this way.

CiscoPurpleBelt
Level 6
Level 6
In response to Flavio Miranda

‎03-24-2023 07:05 AM

Do you know what format the logs are sent as lets say from a FTD?

0 Helpful

Flavio Miranda
VIP
VIP
In response to CiscoPurpleBelt

‎03-24-2023 07:21 AM

It depends a little bit on how do you configured the syslog on the device. There some filter you can choose for example if you configure to debugging, you are going to send a lot of logs. 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎03-24-2023 06:50 PM

We are using AKiPS (since 2017) as an NMS solution and it has a syslog server function. 

AKiPS allows me to use regex to "catch" which log entries will alert me for potential problems.  For instance, if the logs will generate the term "HOG" (for CPU HOG) or "MALLOC" (memory allocation error). 

0 Helpful
Customers Also Viewed These Support Documents