Multiple, incompatible collection agents
Organizations with multiple log analysis tools, each with its own collection agent, often need to deploy multiple collection agents on the same host.
Big data issues
Multiple collection tools can create data silos, which make sharing log data among multiple groups difficult.
Complex collection solutions
The volume, variety, and velocity of log data generated by large IT environments can overwhelm many lightweight log collection tools.
Combining log management and analysis functions can prove to be expensive if the solution can’t deliver real value to multiple user groups.
Reliability problems on end-points
Unstable collection agents that frequently crash can cause logs to go missing and cause headaches for IT operations.
Using a single solution for collecting logs can eliminate the problems caused by deploying several agents on log source hosts. syslog-ng is technology independent, supporting well-established transport technologies.
syslog-ng can collect and route logs in near real-time using a virtually infinite number of rules based on source type, source address, and message content.
With more than one million users and dozens of books including instructions, syslog-ng does not require expensive professional services to deploy and maintain.
syslog-ng Premium Edition and the syslog-ng Store Box use SSL/TLS encryption to transfer logs, and the logstore, an encrypted, compressed and time-stamped log file, to store data.
Semi-structured data allows for reduction of complexity and normalization, and enables larger data sets to be searched more easily. syslog-ng can filter, parse, rewrite and classify data on clients at unparalleled speeds to reduce the size and complexity of log data stored centrally.
syslog-ng Premium Edition and the syslog-ng Store Box can ensure zero message loss during transport from clients to the central logserver using TCP for transmission, the Reliable Log Transfer Protocol (RLTP™) for application acknowledgement, a client-side disk buffer, and client-side failover for network outages.
syslog-ng can send logs to multiple destinations in parallel to serve the needs of multiple departments or to integrate with multiple log analysis tools. Logs sent to these different destinations can be filtered, processed and formatted independently and transferred over a wide variety of protocols and methods. The syslog-ng Store Box offers a REST-based API to access log data.
Licenses for syslog-ng Premium Edition and syslog-ng Store Box are based on the number of hosts sending logs, not the amount of data being processed, so increases in the rate or the total amount of your log data will not increase your costs.
Reducing the number of collection solutions makes log management deployments simpler and more stable, reducing operations costs.
Deploying syslog-ng as a single log collection and routing tool can eliminate the need for installing multiple collection tools and lengthy, costly integration projects completed by vendors’ professional services teams or external consultants.
Many log analysis tools license their products based on the amount of data processed. Reducing the amount of data sent to log analysis tools can lower deployment costs.
Reducing the size and complexity of log data can dramatically improve search times.