Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
3
Replies

Syslog Server Recommendations

Go to solution
rcoote5902_2
Level 2
Level 2

‎03-12-2009 08:37 AM

I manage a network containing approx:

12 routers

75 switches

2 WLC's with about 100 radios

1 ASA

And I'd like to start sending logs to a syslog server. Having never used a syslog server before I have a few questions.

1) With a network this size how much LAN/WAN traffic am I going to be generating by sending logs to a syslog server?

2) What kind of specs do I need to run the server, and do I need more than one?

3) Are there any best practices as far as trap level, etc.?

Thanks in advance!

Rob

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎03-12-2009 08:54 AM

Rob-

The amount of syslog data depends on your logging level. Even at debug level (as long as your not actually debugging traffic) the traffic is relatively small. The packets are UDP and small so they are pretty efficient. You'll only need one server (we have almost a thoudand devices on one server). We log warning on most devices, but our firewalls all run at debug.

Hope that helps.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎03-12-2009 08:54 AM

Rob-

The amount of syslog data depends on your logging level. Even at debug level (as long as your not actually debugging traffic) the traffic is relatively small. The packets are UDP and small so they are pretty efficient. You'll only need one server (we have almost a thoudand devices on one server). We log warning on most devices, but our firewalls all run at debug.

Hope that helps.

0 Helpful

Go to solution
rcoote5902_2
Level 2
Level 2
In response to Collin Clark

‎03-12-2009 11:16 AM

Thanks so much Collin. If I may ask, what kind of hardware would you recommend for the server (cpu/ram/drive space)?

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to rcoote5902_2

‎03-12-2009 11:30 AM

Honestly any server built in the past 3-4 years would be fine. It takes very little resources (disk space more than anything). If you run Linux take a look at rsyslog.

0 Helpful
Customers Also Viewed These Support Documents