The benefits of a centralized log receiver have been well documented over the years, and syslog has gained near-universal support across most platforms.
The Log Receiver feature in Gemini Manage 2.7 now includes ‘log splitting’ by Severity (Level), offering features similar to those found in syslog-ng and allowing a more granular approach to logging from network-related products and equipment.
In order to deal with all your syslog requirements, we recommend adding Log Receiver as an integral part of the Splunk Environments dashboard in Gemini Manage. This could incorporate a single standalone Appliance/Instance, or even a small cluster of Appliances/Instances offering the additional benefit of load balancing and high availability using our Clustering and Failover features.
Each Appliance/Instance will feature both Splunk and the Log Receiver working together to collate the logs and forward them on to your Splunk Indexers.
The following document is designed to help you create the necessary rules to receive, filter and store your incoming network-based logs and forward them to your Splunk environment.
Features of Manage Log Receiver
The Manage Log Receiver dashboard has been designed to offer a simple visual experience that makes it easy to create, view and troubleshoot your syslog rules.
Other key features are listed below:
- Multiple rules allowed for various data sources.
- Powerful filters to split syslog into different destination log files.
- Multiple destination directories for log files, including custom locations.
- Easily integrated with Splunk.
- Integral log rotation for better housekeeping.
- Rules can be replicated and distributed to other nodes if required.
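The severity split described above, as an added illustration and not Gemini Manage's or syslog-ng's own code: only the PRI arithmetic comes from RFC 5424, while the rule set, destination file names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Both RFC 3164 and RFC 5424 messages start with "<PRI>", where
# PRI = facility * 8 + severity and severity runs 0 (emerg) .. 7 (debug).
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) for a syslog line, or None if the PRI is missing/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest legal PRI value
        return None
    return pri // 8, pri % 8

# Hypothetical rule set: destination file plus the inclusive severity range it accepts.
RULES = [
    ("network/critical.log", 0, 3),  # emerg, alert, crit, err
    ("network/warning.log", 4, 5),   # warning, notice
    ("network/info.log", 6, 7),      # info, debug
]
UNPARSED = "network/unparsed.log"  # malformed lines are kept rather than dropped

def route(line):
    """Pick the destination file for one line, as a severity split rule would."""
    decoded = decode_pri(line)
    if decoded is None:
        return UNPARSED
    _facility, severity = decoded
    for dest, lo, hi in RULES:
        if lo <= severity <= hi:
            return dest
    return UNPARSED  # only reached if RULES leave a severity uncovered

def split_log(lines):
    """Group lines by destination file: {dest: [lines]}."""
    buckets = defaultdict(list)
    for line in lines:
        buckets[route(line)].append(line)
    return dict(buckets)

# Constructed sample lines (not real device output).
SAMPLE = [
    "<34>Oct 11 22:14:15 core-sw1 link on Gi1/0/1 changed state to down",
    "<165>1 2023-10-11T22:14:15.003Z edge-fw1 fw - ID47 - session closed",
    "<13>Oct 11 22:14:16 core-sw1 user admin logged in from console",
    "garbage line without a PRI header",
]
```

Calling split_log(SAMPLE) sends the first line to critical.log, the next two to warning.log and the malformed line to unparsed.log, so nothing is silently lost.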