Nagios is more network monitoring, while Splunk is more of a log console and a place to correlate events from multiple sources (including Nagios). We use Nagios for monitoring and the free version of Splunk to consolidate syslog messages from all servers, network devices, and IPS equipment in one central location. Nagios Log Server is log file management software that can manage, analyze, and store all of your historical log file data for audit and compliance reports.
At work we recently set up Nagios Log Server to try out. We've got our network equipment on there (however, the Cisco switches send next to nothing in terms of logs) as well as our servers. I'm curious how people are using their log servers: are you only ever going on them when there are issues to look through the logs, or are you being proactive and monitoring the level of logging to try and predict issues? You can build custom queries and dashboards in Nagios Log Server; however, I haven't thought of any use cases for them yet.

Depending on the industry you are in, logs may or may not be that big of a deal for you. For us in the financial industry they are a big deal.
If you have the ability to keep even just 30 days' worth, so that you have them in the event of a major issue, it could be worth it. We use Graylog to analyze our logs. The Elasticsearch cluster that houses the actual logs contains over half a billion logs and growing. I think it all depends on your policies and/or regulatory environment.
I would say it's been a very interesting project to do regardless of why we did it. Here's my project on logging if you are interested: .
I've only recently set up Nagios Log Server, but I currently use it to collect all of the log files from my servers. Right now it's just the Windows Event logs, but I would like to add IIS, RRAS, etc. I would like to add the client machines as well, and firewall logs. Currently I review them, especially when I see a spike on the trend display, and I have made a custom dashboard or two. I have given some thought to parsing OSSEC logs with it as well, or setting up OSSEC-style alerts in Nagios Log Server.
These are two different things, so it's not an either/or situation. Splunk is for centralizing and analyzing your logs. It is capable of generating alerts, so I can see how this functionality can be confused with Nagios. But Nagios is an infrastructure and services monitoring and alerting solution. It can monitor things that don't necessarily have logs, like CPU usage, number of processes, or even check for SSL certificates about to expire. Logs may not tell you that Apache has stopped responding to HTTP requests, whereas Nagios can. So in most situations you'll want to have something that does each of these jobs.
For log correlation and analysis there aren't a lot of open source options, but looks pretty good. For infrastructure monitoring, alerts, and escalations there are a number of solutions out there, both commercial and free/open source.
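To make the Nagios side of the distinction above concrete, here is an added example of an active check in the Nagios plugin convention (exit code 0/1/2/3 for OK/WARNING/CRITICAL/UNKNOWN, one status line on stdout) that probes an HTTPS service and reports on certificate expiry, the two cases the post names that a log search cannot catch. This is not code from the thread or from the Nagios project; the host, port and day thresholds are assumptions.

```python
#!/usr/bin/env python3
"""Nagios-style active check: does the HTTPS service answer, and is its
certificate close to expiry? Added example; host and thresholds are assumed."""
import socket
import ssl
import sys
from datetime import datetime, timezone

# Exit codes every Nagios check plugin uses to report its state.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAME = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def evaluate_expiry(days_left, warn_days=30, crit_days=7):
    """Map days-until-expiry onto a Nagios state. Kept free of network I/O so
    the threshold logic can be tested on its own; thresholds are assumptions."""
    if days_left <= crit_days:
        return CRITICAL, f"certificate expires in {days_left:.1f} days"
    if days_left <= warn_days:
        return WARNING, f"certificate expires in {days_left:.1f} days"
    return OK, f"certificate valid for {days_left:.1f} more days"


def fetch_days_left(host, port=443, timeout=5.0):
    """Open a TLS connection and return days until the leaf cert's notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    # getpeercert() renders notAfter like 'Jun  1 12:00:00 2030 GMT'.
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    now = datetime.now(timezone.utc).timestamp()
    return (expires - now) / 86400


def main(argv):
    host = argv[1] if len(argv) > 1 else "example.com"  # assumed target host
    try:
        days_left = fetch_days_left(host)
    except (OSError, ssl.SSLError) as exc:
        # No TLS answer at all: the service is down, which no log line reports.
        print(f"CRITICAL - {host}: {exc}")
        return CRITICAL
    state, msg = evaluate_expiry(days_left)
    print(f"{STATE_NAME[state]} - {host}: {msg}")
    return state


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `./check_tls.py your.host` and Nagios interprets the exit code; wire it into a command definition like any other check plugin.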