Universal log collection and routing
Organizations using multiple analytic tools and storage solutions often use multiple log management tools. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management.
02:35
Challenges
Multiple, incompatible collection agents
Many times organizations with multiple log analysis tools, each with its own collection agent, will need to deploy multiple collection agents on the same host.
Big data issues
Multiple collection tools can create data silos which make sharing log data among multiple groups difficult.
Complex collection solutions
The volume, variety, and velocity of log data generated by large IT environments can overwhelm many lightweight log collection tools.
Vendor lock-in
Combining log management and analysis functions can prove to be expensive if the solution can’t deliver real value to multiple user groups.
Reliability problems on end-points
Unstable collection agents that frequently crash can cause logs to go missing and cause headaches for IT operations.
Why syslog-ng?
One tool for log collection
Using a single solution for collection logs can eliminate the problems caused by deploying several agents on log source hosts. syslog-ng is technology independent, supporting well-established transport technologies.
Distributed pre-processing
Semi-structured data allows for reduction of complexity, normalization, enables larger data sets to be searched more easily. syslog-ng can filter, parse, re-write and classify data on clients at unparalleled speeds to reduce the size and complexity of log data stored centrally.
Flexible routing
syslog-ng can collect and route logs in near real-time based on a virtually infinite number of rules based on source type, source address, and message content.
Reliable transfer
syslog-ng Premium Edition and the syslog-ng Store Box can ensure zero message loss during transport from clients to the central logserver using TCP for transmission, the Reliable Log Transfer Protocol (RLTP™) for application acknowledgement, a client-side disk buffer, and client-side failover for network outages.
Well-known solution
With more than one million users and dozens of books including instructions, syslog-ng does not require expensive professional services to deploy and maintain.
Easy integration with log analytics
syslog-ng can send logs to multiple destinations in parallel to serve the needs of multiple departments or to integrate with multiple log analysis tools. Logs sent to these different destinations can be filtered, processed and formatted independently and transferred over a wide variety of protocols and methods. The syslog-ng Store Box offers a REST-based API to access log data.
Tamper-proof transfer and storage
syslog-ng Premium Edition and the syslog-ng Store Box use SSL/TLS encryption to transfer logs and the logstore, an encrypted, compressed and time-stamped log file to store data.
Easy-to-plan licensing model
licenses for syslog-ng Premium Edition and syslog-ng Store Box are based on the number of hosts sending logs, not the amount of data being processed so increases in the rate or the total amount of your log data will not increase your costs.
Benefits
Reduced operating costs
Reducing the number of collection solutions makes log management deployments simpler and more stable reducing operations costs.
Lower TCO of log analytics tools
Many log analysis tools license their products based on the amount of data processed. Reducing the amount of data sent to log analysis tools can lower deployment costs.
Lower deployment costs
Deploying syslog-ng as a single log collection and routing tool can eliminate the need for installing multiple collection tools and lengthy, costly integration projects completed by vendors’ professional services teams or external consultants.
Improved performance
Reducing the size and complexity of log data can dramatically improve search times.