03-12-2009 08:37 AM
I manage a network containing approx:
12 routers
75 switches
2 WLCs with about 100 radios
1 ASA
And I'd like to start sending logs to a syslog server. Having never used a syslog server before I have a few questions.
1) With a network this size how much LAN/WAN traffic am I going to be generating by sending logs to a syslog server?
2) What kind of specs do I need to run the server, and do I need more than one?
3) Are there any best practices as far as trap level, etc.?
Thanks in advance!
Rob
03-12-2009 08:54 AM
Rob-
The amount of syslog data depends on your logging level. Even at debug level (as long as you're not actually debugging traffic) the traffic is relatively small. The packets are UDP and small so they are pretty efficient. You'll only need one server (we have almost a thousand devices on one server). We log warning on most devices, but our firewalls all run at debug.
Hope that helps.
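Added example, not part of the original thread: a Python sketch showing how the trap level discussed above changes what a device sends, by reading the severity from each message's `<PRI>` header and totalling messages and on-wire bytes per level. The sample datagrams are constructed, and the local7 facility and IPv4 transport are assumptions.

```python
import re

# Severity names as used for trap levels; list index = numeric severity (0 is most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
UDP_IPV4_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte UDP header per datagram

def severity_of(datagram: bytes) -> int:
    """Severity (0-7) from the <PRI> header, where PRI = facility * 8 + severity."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI header")
    return int(m.group(1)) % 8

def volume_by_trap_level(datagrams):
    """Map each trap level to (messages sent, bytes on the wire).

    A trap level of N forwards every message whose severity is <= N.
    """
    result = {}
    for level, name in enumerate(SEVERITIES):
        sent = [d for d in datagrams if severity_of(d) <= level]
        wire = sum(len(d) for d in sent) + len(sent) * UDP_IPV4_OVERHEAD
        result[name] = (len(sent), wire)
    return result

# Constructed sample: facility local7 (23), so PRI = 184 + severity.
SAMPLE = [
    b"<187>45: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    b"<188>46: %DEMO-4-WARN: constructed warning message",
    b"<189>47: %LINEPROTO-5-UPDOWN: Line protocol on Gi0/1, changed state to down",
    b"<189>48: %SYS-5-CONFIG_I: Configured from console by admin",
    b"<190>49: %DEMO-6-INFO: constructed informational message",
    b"<191>50: %DEMO-7-DEBUG: constructed debug message 1",
    b"<191>51: %DEMO-7-DEBUG: constructed debug message 2",
    b"<191>52: %DEMO-7-DEBUG: constructed debug message 3",
]

if __name__ == "__main__":
    for name, (count, wire) in volume_by_trap_level(SAMPLE).items():
        print(f"{name:<14} {count:>3} msgs {wire:>5} bytes")
```

Run over a real capture of one device's messages, the same totals give a per-device figure to multiply by device count when sizing links and disk.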
03-12-2009 11:16 AM
Thanks so much Collin. If I may ask, what kind of hardware would you recommend for the server (cpu/ram/drive space)?
03-12-2009 11:30 AM
Honestly any server built in the past 3-4 years would be fine. It takes very little resources (disk space more than anything). If you run Linux take a look at rsyslog.