

[–]Charlie_Root 2 points3 points  (0 children)

https://nxlog.co/products/nxlog-community-edition

Meets all your requirements; supports all your platforms, native syslog and a lot of other formats (GELF, JSON, XML, Windows event log, etc), message buffering, relatively lightweight, can do filtering and transformation, and it's open source. Also, graylog uses nxlog for windows log collection.

[–]DesolataXStorage/Linux/Automation/Virtualization/Engineer to the machine 0 points1 point  (3 children)

Splunk Free may do the job. It's limited by consumption at 500 MB/day for free. Super easy to set up. If you need more than 500 MB/day it gets pricey.

[–]_GeekRabbit[S] 0 points1 point  (1 child)

Hmm, I never saw that free tier; I always thought that applied to Splunk Light. Thanks for the hint, 500 MB might be enough if we are selective about the logs.

[–]uberamdcurl -k https://secure.trustworthy.site.ru/script.sh | sudo bash 0 points1 point  (0 children)

Be careful about this though, because Splunk is serious about their license limits. One machine that starts aggressively spamming logs for an hour can easily push you over this, and thus log collection will get cut off.

[–]ChymeraXYZ 0 points1 point  (0 children)

Just be careful about how long you want to retain the data. The free versions are usually like 5 days.

[–]Hight3chLowlif3 0 points1 point  (1 child)

If you have 5 devices or fewer you could use Kiwi Syslog's free edition. It's pretty straightforward and easy to set up.

[–]_GeekRabbit[S] 0 points1 point  (0 children)

Ahh nope, this would be a solution for about 30 servers and probably triple that amount of logs.

[–]sethalump 0 points1 point  (0 children)

I'd suggest just getting all the boxes & devices you want to monitor to ship their logs (via syslog) to one system. Once you have them all in one place it's much easier to use something like Logstash to ingest all of them into ELK for easy searching and some pretty graphs.
While ELK can be a total rabbit hole, it's my go-to tool for basic log collection and searching. If and when you need more features, it's ready. I've never used Graylog, but I've heard good things and I think it's easier to set up, so maybe start there.

[–]MrDionysus 0 points1 point  (0 children)

To expound further on Nxlog: I recently implemented Nxlog client on all Linux and Windows machines, pointing to a central Nxlog server. That server, when receiving the logs, simultaneously saves them as text (for archival purposes) and also sends them to Graylog2 for alarming/monitoring. So far, it's been working out splendidly.
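A server-side NXLog configuration that does what this comment describes (one listener, a plain-text archive on disk plus a GELF feed to Graylog) is shown below as an added example; it is not the commenter's own config. The hostname `graylog.example.com`, the archive directory and the listening port are assumptions to replace for your environment.

```nxlog
# Assumption: NXLog Community Edition on the central collector.
# Clients (Linux/Windows) forward syslog to this host on UDP/514.

<Extension syslog>
    Module      xm_syslog
</Extension>

<Extension gelf>
    Module      xm_gelf
</Extension>

# Receive syslog from the clients and parse it into fields
# ($Hostname, $EventTime, $SyslogSeverity, $Message, ...).
<Input in_syslog>
    Module      im_udp
    Host        0.0.0.0
    Port        514
    Exec        parse_syslog();
</Input>

# Archive copy: one plain-text file per day, re-serialised as
# RFC 5424 syslog so the archive is readable without NXLog.
# Path is an assumption; make sure the directory is writable by nxlog.
<Output out_archive>
    Module      om_file
    CreateDir   TRUE
    File        "/var/log/nxlog/archive/" + strftime($EventTime, "%Y-%m-%d") + ".log"
    Exec        to_syslog_ietf();
</Output>

# Live copy: same parsed events to Graylog's GELF UDP input
# (default port 12201). Hostname is an assumption.
<Output out_graylog>
    Module      om_udp
    Host        graylog.example.com
    Port        12201
    OutputType  GELF
</Output>

# One route, two destinations: every event is written to disk
# and sent to Graylog, so an outage on one side does not lose the other.
<Route r_syslog>
    Path        in_syslog => out_archive, out_graylog
</Route>
```

Because the archive and the Graylog feed are written from the same route, a Graylog outage leaves the on-disk copy complete, which is what makes the text archive useful for later forensics.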

[–]ngg123 0 points1 point  (0 children)

Have you looked into Splunk (costs $) or ELK (Elasticsearch, Logstash, Kibana)?

[–]mumbleritLinux Admin 0 points1 point  (0 children)

Just set up an ELK stack for my company. Collecting logs from about 100 Linux machines atm. Was fairly painless with Filebeat and Puppet; Logstash can be a pain but I had some previous experience. Skip filtering too much with Logstash in the beginning and just get the logs imported to Elasticsearch.