[CentOS] Logserver recommendations

Fri Apr 16 20:15:10 UTC 2010
Tom Brown <tom at ng23.net>


On 16 Apr 2010, at 18:49, "nate" <centos at linuxpowered.net> wrote:

> rainer at ultra-secure.de wrote:
>
>> I'd like to hear of people who have used both Splunk and/or prelude  
>> in an
>> environment with, say, 500<x<1000 servers, for collection of logs  
>> and can
>> voice a few opinions.
>
> I use Splunk with a few hundred systems and it works alright, using
> it right can take some time though creating the reports and stuff,
> but it does make searching and reporting very easy.
>
> Splunk licenses based on the amount of indexed data it collects per
> day, so you should know how much data your going to index before
> you buy, and of course give plenty of headroom.
>
> I have a friend who works over at T-mobile who is one of the biggest
> Splunk customers in the world they do something well over 1TB of new
> data per day, and it works ok for them(off the record it sucks but
> it sucks FAR less than everything else they have tried).
>
> nate
>
>

We will most likely go with loglogic in the future but I need  
something in the interim.


> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos