Impact of installing syslog-ng in universal forwar...

ankithnageshshe · ‎11-14-2018

Hello Splunkers,

I have a requirement wherein I need to forward the data to the third-party system apart from sending logs to Splunk.

What is the impact of having syslog-ng along with universal forwarder that sends almost the same amount (mostly 75% same data) to a third party system?

Will this have a performance issue like "parsing queue getting filled" / network bandwidth consumption.

Which is the best way to integrate splunk to third party system.?

pruthvikrishnap · ‎11-14-2018

Hi Ankith,

What is the impact of having syslog-ng along with universal forwarder that sends almost the same amount (mostly 75% same data) to a third party system?
Splunk has the capability of forwarding logs to third party applications in raw syslog format, its obviously a performance hit when you plan to use both Splunk and syslog for accomplishing the same task.

Will this have a performance issue like "parsing queue getting filled" / network bandwidth consumption.
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html

Which is the best way to integrate splunk to third party system.?
It depends on the third party applications which you are planning to forward logs to.
https://docs.splunk.com/Documentation/Splunk/7.2.0/Forwarding/Forwarddatatothird-partysystemsd

ankithnageshshe · ‎11-15-2018

Thanks Pruthvi for the reply.

frobert · ‎11-15-2018

Hi,
You probably do not need both the universal forwarder and syslog-ng, you can forward logs to Splunk and third-party systems with syslog-ng alone.

ankithnageshshe · ‎11-15-2018

Thanks Robert for the reply

Impact of installing syslog-ng in universal forwarder

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...