Featured post

Using Splunk with syslog-ng
Tuesday, May 21, 2013 @ 01:05 PM Author: James Luby

Our customers often ask us how syslog-ng can be used with various log analysis tools. One of those tools is Splunk, a popular search and analysis platform. Many users of Splunk also have syslog-ng deployed in their environments. We have created a technical guideline that describes some scenarios in which users can benefit from syslog-ng Premium Edition’s features and offers some technical guidance, including configuration examples, to optimize the syslog-ng configuration.

There are five use cases for using syslog-ng with Splunk which are often cited by our customers. Our latest guide goes into detail about these use cases and shows some example configuration files to get you started.

First, collecting and centralizing log messages from network devices such as routers is one of the most common deployments of syslog-ng with Splunk. Major router manufacturers like Cisco and Juniper use the syslog protocol to transfer log messages. syslog-ng natively supports the original syslog protocol (RFC 3164) and the new syslog protocol (RFC 5424). In addition, syslog-ng also supports variants of these protocols which are used by certain router manufacturers.

Secondly, many organizations that deploy Splunk have existing log management and analysis tools. Some departments within the same company, such as the Network Operations group and the IT security group, may have use for the same data but prefer to use different analysis tools such as Security Information and Event Management (SIEM) solutions. In these environments, syslog-ng is often used to collect and aggregate log messages and then forward them to multiple destinations including a Splunk ... [Read More]

PRESS

Industrial Innovation Grand Prize for BalaBit’s Shell Control Box
Saturday, March 23, 2013 @ 11:03 AM Author: Andrea Ipolyi

BalaBit has received two awards from eight categories in the annual Innovation Grand Prize competition in Hungary, for “developing the next generation of activity monitoring tools”. The jury of the ... [Read More]

Real-time prevention of the most costly cyber-attacks with BalaBit’s Shell Control Box
Tuesday, February 12, 2013 @ 03:02 PM Author: Andrea Ipolyi

The new real-time alerting and blocking feature of the Shell Control Box™ 3 F4 activity monitoring appliance prevents malicious user activities, either external or internal, even those initiated by users with ... [Read More]