The syslog-ng Premium Edition delivers the log data critical to understanding what is happening in your IT environment.
Whether it's user activity, performance metrics, network traffic, or any other log data, syslog-ng can collect and centralize it. You can remove data silos and gain full-stack visibility of your IT environment. Depending on its configuration, one syslog-ng server can collect more than 650,000 log messages per second from thousands of log sources.
With incomplete or compromised log data, will you be able to find the root cause of an outage, spot a cyberattack, pass a compliance audit, or see emerging trends in your application? Using local disk buffering, client-side failover and application-layer acknowledgement, syslog-ng can transfer logs with zero message loss. Authenticated, encrypted transfer and encrypted, timestamped storage protect logs against tampering, preserving the digital chain of custody.
With powerful filtering, parsing, rewriting and classification options, syslog-ng can transform logs on remote hosts, reducing the amount and complexity of log data forwarded to analytic tools such as SIEM or APM and so reducing their total cost of ownership. The PatternDB feature can correlate log data in real time, comparing log message content with predefined patterns. The flexible configuration language allows users to construct powerful, complex log processing systems on remote hosts with simple rules.
syslog-ng can be deployed as an agent on a wide variety of hosts and can flexibly route logs to multiple analytic tools or databases, eliminating the need to deploy multiple agents on servers. Tested binary files for the syslog-ng Premium Edition are available for more than 50 server platforms, reducing the time required for installation and maintenance.
syslog-ng Premium Edition can send and receive log messages reliably over the TCP transport layer using the Reliable Log Transfer Protocol™ (RLTP™). RLTP™ is a transport protocol that prevents message loss during connection breaks: the receiving end reports the last message it received, and the sender resumes from that point, so messages are neither lost nor duplicated after a reconnect.
The Premium Edition of syslog-ng stores messages on the local hard disk if the central log server or the network connection becomes unavailable. The syslog-ng application automatically sends the stored messages to the server when the connection is re-established, in the same order the messages were received. The disk buffer is persistent: no messages are lost even if syslog-ng is restarted.
Flow control uses a control window to determine whether there is free space in the output buffer of syslog-ng for new messages. If the output buffer is full and the destination cannot accept new messages, for example because it is overloaded or the network connection has become unavailable, syslog-ng stops reading messages from the source until some messages have been successfully sent to the destination. Note that flow control can only pause sources that can be told to wait, such as files and TCP connections; a UDP source cannot be slowed down, so UDP messages arriving while the buffers are full are dropped.
Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng Premium Edition uses the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows mutual authentication of the client and the server using X.509 certificates, so a rogue host cannot inject messages into the central server and a client cannot be tricked into sending its logs to an impostor.
The Premium Edition of syslog-ng can store log messages securely in encrypted, compressed, indexed, and timestamped binary files, so any sensitive data is available only for authorized personnel who have the appropriate encryption key. Timestamps can be requested from external Timestamping Authorities.
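The following configuration is an added example written for this page; it is not code from Balabit or from the syslog-ng documentation. It ties together the reliable transfer, disk buffering, flow control, TLS mutual authentication and encrypted storage described in the preceding paragraphs: a client forwards to a central server over mutually authenticated TLS with a persistent, reliable disk buffer and flow control, and the server stores what it receives in an encrypted, compressed, timestamped logstore. Host names, ports, certificate paths and the timestamping URL are placeholders, and the option names follow the syslog-ng PE 7 / OSE 3.x configuration syntax as the author knows it; check them against the administration guide for the version you run.

```conf
# Added example, not Balabit's code. Two configuration files are shown in one
# listing; the "client side" block goes on the log source, the "server side"
# block on the central log server. All hosts, ports and paths are placeholders.
@version: 7.0

#################### client side: /etc/syslog-ng/syslog-ng.conf ####################

source s_local {
    system();      # /dev/log, kernel and journal messages of this host
    internal();    # syslog-ng's own diagnostics
};

destination d_central {
    network("logserver.example.com"
        port(6514)
        transport("tls")
        # syslog-ng PE can use transport("rltp") here instead, so that every
        # message is acknowledged at the application layer and resent from the
        # last acknowledged one after a connection break (see the PE guide for
        # how RLTP and TLS are combined in your version).
        tls(
            ca-dir("/etc/syslog-ng/ca.d")                   # trusted CA certs (hashed names)
            cert-file("/etc/syslog-ng/cert.d/client.crt")   # presented to the server
            key-file("/etc/syslog-ng/cert.d/client.key")
            peer-verify(required-trusted)                   # refuse an untrusted server cert
        )
        disk-buffer(
            disk-buf-size(1073741824)   # 1 GiB on disk; survives a restart of syslog-ng
            reliable(yes)               # write every message to disk before it is queued
        )
        log-fifo-size(20000)            # in-memory output queue, the "output buffer"
    );
};

log {
    source(s_local);
    destination(d_central);
    flags(flow-control);   # pause reading s_local when d_central's queue is full
};

#################### server side: /etc/syslog-ng/syslog-ng.conf ####################

source s_tls_clients {
    network(
        ip("0.0.0.0") port(6514) transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")
            cert-file("/etc/syslog-ng/cert.d/server.crt")
            key-file("/etc/syslog-ng/cert.d/server.key")
            peer-verify(required-trusted)   # every client must present a cert signed by a trusted CA
        )
        max-connections(1000)
        log-iw-size(100000)   # flow-control window, shared across all client connections
    );
};

destination d_secure_store {
    # logstore() is a syslog-ng PE driver: encrypted, compressed, indexed binary
    # files. Option names below are the author's recollection of the PE driver;
    # verify them before deploying.
    logstore("/var/log/secure/${HOST}-${YEAR}-${MONTH}-${DAY}.lgs"
        encrypt-certificate("/etc/syslog-ng/cert.d/logstore.crt")  # only the private-key holder can read
        compress(5)
        timestamp-url("http://tsa.example.com/tsa")   # external Timestamping Authority (placeholder)
        timestamp-freq(600)                           # request a timestamp every 10 minutes
    );
};

log {
    source(s_tls_clients);
    destination(d_secure_store);
    flags(flow-control);   # back-pressure reaches the clients through TCP/TLS
};
```

Two points worth checking on a real deployment: `peer-verify(required-trusted)` on both ends is what makes the authentication mutual, and a `reliable(yes)` disk buffer is what turns "the disk buffer is persistent" into "no message is acknowledged before it is on disk", at the cost of a disk write per message. Leaving `flags(flow-control)` off a log path silently disables the back-pressure described above, so messages are dropped once `log-fifo-size()` is exhausted.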
The syslog-ng application is optimized for performance, and can handle an enormous amount of messages. Depending on its exact configuration, it has been known to process over 650,000 messages per second in real-time, and over 24 GB of raw logs per hour on standard server hardware.
With the syslog-ng client-relay architecture, IT organizations can collect log messages from more than 10,000 log sources across a geographically distributed environment on one central log server.
syslog-ng Premium Edition can natively collect and process log messages from SQL databases enabling users to easily manage log messages from a wide variety of enterprise software and custom applications. The syslog-ng Agent for Windows is an event log collector and forwarder application for Microsoft Windows platforms.
Some applications use many different log files, and sometimes these files are not even located in the same folder. Automatically generated file and folder names are also often a problem. To solve these issues, the filenames and paths specifying the log files read by syslog-ng can include wildcards, and syslog-ng can automatically scan entire subfolder trees for the specified files. The syslog-ng Premium Edition application is also able to process multi-line log messages, for example Apache Tomcat messages with their stack traces.
The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
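As an added example, not taken from the Balabit page or the syslog-ng documentation, the configuration below puts the two preceding paragraphs into practice: a wildcard file source that walks a Tomcat log tree and reassembles multi-line records, content filters built from regular expressions and boolean operators, and destinations whose file paths are generated from macros. The directory layout, the Tomcat timestamp regexp, the SIEM host name and the filter rules are the author's assumptions; option names follow syslog-ng PE 7 / OSE 3.x syntax.

```conf
# Added example, not Balabit's code. Paths, host names and patterns are placeholders.
@version: 7.0

# Wildcard source: every *.log under /var/log/tomcat and its subfolders, even
# ones created later (per-instance directories, rotated copies with dates).
source s_tomcat {
    wildcard-file(
        base-dir("/var/log/tomcat")
        filename-pattern("*.log")
        recursive(yes)
        follow-freq(1)
        # A Tomcat record begins with "dd-Mon-yyyy HH:MM:SS"; any line that does
        # not match (an exception line, a "\tat ..." frame) is glued onto the
        # previous record instead of becoming a separate, context-free message.
        multi-line-mode(regexp)
        multi-line-prefix("^[0-9]{2}-[A-Za-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2}")
        flags(no-parse)               # keep the whole record in ${MESSAGE}
        program-override("tomcat")    # these files carry no syslog header
    );
};

# Syslog from remote hosts over plain TCP (a relay or lab setup; use TLS in production).
source s_net {
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# Filters: regular expressions on message content combined with metadata
# (program, facility, priority) using boolean operators.
filter f_tomcat_errors {
    program("tomcat") and match("(SEVERE|ERROR|Exception)" value("MESSAGE"));
};

filter f_auth {
    facility(auth, authpriv) and level(notice..emerg);
};

filter f_ssh_failures {
    filter(f_auth) and program("sshd")
        and match("^Failed password for" value("MESSAGE"));
};

# Macros in the path: one directory per host and day, one file per facility,
# created on demand.
destination d_by_host_day {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}/${FACILITY}.log"
        create-dirs(yes)
        dir-perm(0750)
        perm(0640)
    );
};

# Only the messages the analytics tool needs leave the relay.
destination d_siem {
    network("siem.example.com" port(514) transport("tcp")
        template("${ISODATE} ${HOST} ${PROGRAM}: ${MESSAGE}\n")
    );
};

# Everything from the network is archived locally, unfiltered.
log {
    source(s_net);
    destination(d_by_host_day);
};

# Tomcat errors (with their full stack traces) and SSH failures go to the SIEM.
log {
    source(s_tomcat);
    filter(f_tomcat_errors);
    destination(d_siem);
};

log {
    source(s_net);
    filter(f_ssh_failures);
    destination(d_siem);
};
```

Two details matter for the security use of this: `flags(no-parse)` together with `program-override()` stops syslog-ng from guessing a syslog header in free-form application lines, which is how a crafted log line could otherwise spoof `${HOST}` or `${PROGRAM}` and land in the wrong per-host directory; and `create-dirs(yes)` with explicit `dir-perm()`/`perm()` keeps files created from an attacker-influenced `${HOST}` readable only by the log owner. Anchoring the `multi-line-prefix()` regexp with `^` is what prevents a timestamp-like string inside an exception message from starting a spurious new record.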
The syslog-ng application can compare the contents of the log messages to a database of predefined message patterns.
This link is sourced from https://www.balabit.com/network-security/syslog-ng/central-syslog-server