Tuesday, April 30, 2019

Syslog best practices/best program

I plan on cross posting this to sysadmin, but I know the networking sub is also a good place to ask, as well.

I'm reading that having multiple syslog servers is a good idea for redundancy, which makes sense. I'm not sure if I can get approval for two syslog servers, but it is worth a shot. There are also free alternatives, for example LibreNMS.

Can I log into a device, for example a switch, and provide an FQDN instead of an IP address? That way, if the syslog IP has to be changed or a new syslog server is needed, a DNS entry can point the devices to the new server. I have tested with an HP switch, and this one only accepts IPs and won't take a hostname/FQDN.

I read that pointing all devices to a syslog server and then configuring that syslog server to send the logs to other servers is also a good idea, but you still have a single syslog server from a single-point-of-failure perspective.

With our syslog server being a virtual machine, I don't think only having one is a problem; meaning, it is better than a physical server having an issue. Being that it is virtual, we have failover options (migrate to a different physical host), and we have another office where the server could live as a replica as another backup/recovery method.

I was not given a budget, but that doesn't mean the funds are unlimited; it basically means, show us a few solutions and we will pick one that we like best for X reasons.

I'd be curious to see what you all recommend. I've seen threads started asking for opinions and many times, in the threads I've read, there is a clear winner.

Right now, I'm going to take a look at

  • LibreNMS
  • SolarWinds Orion NPM

Edit - The environment consists of many brands: Dell switches, HP switches, Cisco switches, SonicWalls, Dell SAN, Dell servers, IBM servers.

Edit - Adding Kiwi Syslog Server (paid) to the list.
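One way to address the "one relay is still a single point of failure" concern and the "switch only accepts an IP" problem together, added here as an illustration and not taken from the post or any vendor documentation: an rsyslog relay that devices reach by IP, which fans every message out to two collectors named by FQDN, with disk-assisted queues so that messages buffer on the relay while either collector is unreachable instead of being dropped. The hostnames syslog-a.example.com and syslog-b.example.com, the file path, and the queue sizes are assumed values.

```conf
# /etc/rsyslog.d/50-relay.conf (assumed path) on the relay host.
# Network devices point at this host's IP; the collectors are resolved by name,
# so swapping a collector only needs a DNS change here, not on every switch.

module(load="imudp")            # most switches/firewalls only speak UDP/514
input(type="imudp" port="514")
module(load="imtcp")            # servers that can do TCP get reliable delivery
input(type="imtcp" port="514")

# Keep a local copy as well, so a double collector outage loses nothing.
*.* action(type="omfile" file="/var/log/relay-all.log")

# Forward to collector A over TCP. The queue spills to disk under /var/spool/rsyslog
# (rsyslog's default work directory) when collector A is down, and the action
# retries forever (-1) rather than discarding after a fixed number of attempts.
*.* action(type="omfwd" target="syslog-a.example.com" port="514" protocol="tcp"
           queue.type="LinkedList" queue.filename="fwd_a"
           queue.maxDiskSpace="1g" queue.saveOnShutdown="on"
           action.resumeRetryCount="-1" action.resumeInterval="30")

# Independent second action with its own queue: a stall on A never blocks B.
*.* action(type="omfwd" target="syslog-b.example.com" port="514" protocol="tcp"
           queue.type="LinkedList" queue.filename="fwd_b"
           queue.maxDiskSpace="1g" queue.saveOnShutdown="on"
           action.resumeRetryCount="-1" action.resumeInterval="30")
```

After a restart, a quick check is `logger -n <relay-ip> -P 514 "relay test"` from a host and confirming the line reaches both collectors; stopping one collector and watching `/var/spool/rsyslog/fwd_*` grow shows the queue absorbing the outage.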
