Universal log collection and routing

Universal log collection and routing
Organizations using multiple analytic tools and storage solutions often use multiple log management tools. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management.

Challenges

Multiple, incompatible collection agents

Many times organizations with multiple log analysis tools, each with its own collection agent, will need to deploy multiple collection agents on the same host.

Big data issues

Multiple collection tools can create data silos which make sharing log data among multiple groups difficult.

Complex collection solutions

The volume, variety, and velocity of log data generated by large IT environments can overwhelm many lightweight log collection tools.

Vendor lock-in

Combining log management and analysis functions can prove to be expensive if the solution can’t deliver real value to multiple user groups.

Reliability problems on end-points

Unstable collection agents that frequently crash can cause logs to go missing and cause headaches for IT operations.

Why syslog-ng?

One tool for log collection

Using a single solution for collection logs can eliminate the problems caused by deploying several agents on log source hosts. syslog-ng is technology independent, supporting well-established transport technologies.

Flexible routing

syslog-ng can collect and route logs in near real-time based on a virtually infinite number of rules based on source type, source address, and message content.

Well-known solution

With more than one million users and dozens of books including instructions, syslog-ng does not require expensive professional services to deploy and maintain.

Tamper-proof transfer and storage

syslog-ng Premium Edition and the syslog-ng Store Box use SSL/TLS encryption to transfer logs and the logstore, an encrypted, compressed and time-stamped log file to store data.

Distributed pre-processing

Semi-structured data allows for reduction of complexity, normalization, enables larger data sets to be searched more easily. syslog-ng can filter, parse, re-write and classify data on clients at unparalleled speeds to reduce the size and complexity of log data stored centrally.

Reliable transfer

syslog-ng Premium Edition and the syslog-ng Store Box can ensure zero message loss during transport from clients to the central logserver using TCP for transmission, the Reliable Log Transfer Protocol (RLTP™) for application acknowledgement, a client-side disk buffer, and client-side failover for network outages.

Easy integration with log analytics

syslog-ng can send logs to multiple destinations in parallel to serve the needs of multiple departments or to integrate with multiple log analysis tools. Logs sent to these different destinations can be filtered, processed and formatted independently and transferred over a wide variety of protocols and methods. The syslog-ng Store Box offers a REST-based API to access log data.

Easy-to-plan licensing model

licenses for syslog-ng Premium Edition and syslog-ng Store Box are based on the number of hosts sending logs, not the amount of data being processed so increases in the rate or the total amount of your log data will not increase your costs.

Benefits

Reduced operating costs

Reducing the number of collection solutions makes log management deployments simpler and more stable reducing operations costs.

Lower deployment costs

Deploying syslog-ng as a single log collection and routing tool can eliminate the need for installing multiple collection tools and lengthy, costly integration projects completed by vendors’ professional services teams or external consultants.

Lower TCO of log analytics tools

Many log analysis tools license their products based on the amount of data processed. Reducing the amount of data sent to log analysis tools can lower deployment costs.

Improved performance

Reducing the size and complexity of log data can dramatically improve search times.