What are people doing for syslog collector strategy?
We have a situation where we currently have all of our Unix servers forwarding their syslog to a Sumologic syslog source. It is working great.
The network team wants to jump on to the Sumologic bandwagon (as well they should), but the issue is that if we send them to the same syslog source the Unix team is using, we think it may be hard to search the Unix data separately from the network data. Our original plan was to have the syslog source SourceCategory be something specific for Unix so they could search their data specifically. But if we throw the network data in there, we can't search it by SourceCategory any longer.
Has anyone had issues where multiple types of data are coming in to a single syslog collector, and are now experiencing difficulty searching the data based on the source of the data (Unix vs. network, for example)? Or are people setting up separate syslog collectors for each source of data (one for Unix, one for network, for example)?
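One way to keep a single syslog collector and still search Unix and network data separately is to classify each message by its sending host before it is forwarded, so the category travels with the event instead of with the collector. The example below is added here to illustrate that approach; it is not Sumo Logic's code and not the poster's setup, and the subnet/hostname rules and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Constructed routing rules (assumptions for this example): sender subnets
# and hostname patterns map to the category the data should be searched under.
SUBNET_RULES = [
    (ipaddress.ip_network("10.10.0.0/16"), "unix/prod"),
    (ipaddress.ip_network("10.20.0.0/16"), "network/switches"),
]
HOSTNAME_RULES = [
    (re.compile(r"^(sw|rtr|fw)\d+$"), "network/switches"),
    (re.compile(r"^(app|db|web)\d+$"), "unix/prod"),
]

# RFC 3164-style line: <PRI>MMM DD HH:MM:SS HOSTNAME MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

# Constructed sample input: two Unix-style and two network-style events plus junk.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 web01 sshd[1234]: Accepted publickey for alice from 10.10.5.7 port 51234 ssh2",
    "<190>Oct 11 22:14:16 10.20.3.4 %LINK-3-UPDOWN: Interface Gi1/0/3, changed state to down",
    "<13>Oct 11 22:14:17 sw07 link down on port 3",
    "garbage line",
]

def parse_syslog(line):
    """Split a BSD syslog line into facility, severity, timestamp, host, msg."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m.group("ts"),
            "host": m.group("host"), "msg": m.group("msg")}

def categorize(host):
    """Pick a category from the sender: IP senders by subnet, names by pattern."""
    try:
        addr = ipaddress.ip_address(host)
        return next((cat for net, cat in SUBNET_RULES if addr in net), "unclassified")
    except ValueError:
        return next((cat for pat, cat in HOSTNAME_RULES if pat.match(host)), "unclassified")

def route(lines):
    """Group parsed events by category; unparseable lines are kept, not dropped."""
    buckets = {}
    for line in lines:
        rec = parse_syslog(line)
        cat = categorize(rec["host"]) if rec else "unclassified"
        buckets.setdefault(cat, []).append(rec if rec else {"raw": line})
    return buckets
```

Keeping an "unclassified" bucket rather than discarding unmatched lines matters for detection: a host that starts logging from an unexpected address shows up there instead of silently disappearing.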