Scalable Architectural Pattern for Integrating Syslog Servers with Splunk
Krishna Mohan Koyya

Krishna Mohan Koyya*, Assistant Professor, Department of Information Technology, Sasi Institute of Technology & Engineering, Tadepalligudem (Andhra Pradesh), India.
Manuscript received on July 20, 2021. | Revised Manuscript received on July 26, 2021. | Manuscript published on July 30, 2021. | PP: 199-202 | Volume-10 Issue-2, July 2021. | Retrieval Number: 100.1/ijrte.B63070710221 | DOI: 10.35940/ijrte.B6307.0710221
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: An enterprise infrastructure consists of several devices. The devices emit event notifications representing their current state. Devices without storage, such as printers and routers, are configured to send these event notifications in the form of syslogs to one or more remote syslog servers over the network. Depending on the size and usage of the enterprise infrastructure, millions of syslogs may be emitted per second. System administrators use these syslogs to detect and address anomalies in the infrastructure. They often integrate the syslog servers with log analysis tools that offer aggregation, analytics, and visualisation capabilities. Splunk is one such popular tool that can be integrated with syslog servers. This paper proposes an architectural pattern for syslog servers that are to be integrated with Splunk for better performance, scalability and resilience.
Keywords: Syslog, Syslog-ng, Splunk, Integration Patterns.
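To make the data flow in the abstract concrete, the following is an added example (not code from the paper or from Splunk/syslog-ng): it parses BSD-style RFC 3164 syslog lines of the kind printers and routers emit, decodes the PRI value into facility and severity, wraps each record in the JSON envelope that Splunk's HTTP Event Collector accepts, and batches the records for forwarding. The sample log lines, the hostnames and addresses in them, the index name `network`, and the year supplied for the year-less BSD timestamp are all constructed assumptions. Malformed lines are kept in a rejected list rather than dropped, which is the resilience property a syslog server in front of an analysis tool needs.

```python
import json
import re
from datetime import datetime, timezone

# Standard syslog facility (0-23) and severity (0-7) names from RFC 3164 / RFC 5424.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-style (RFC 3164) line: "<PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG".
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:?\s?"
    r"(?P<msg>.*)$"
)

# Constructed sample input: three well-formed lines from network devices plus one
# malformed line, as a syslog server might receive them over UDP/TCP.
SAMPLE_LINES = [
    "<190>Jul 20 10:15:32 router01 bgpd[4521]: neighbor 203.0.113.5 Down",
    "<38>Jul 20 10:15:33 core-sw1 sshd[1024]: Failed password for admin from 198.51.100.7",
    "<13>Jul 20 10:15:34 printer01 lpd: paper jam in tray 2",
    "not a syslog line at all",
]


def decode_pri(pri):
    """Split PRI into (facility, severity): PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def parse_syslog(line, year=2021):
    """Parse one RFC 3164 line into a dict, or return None if it is malformed.
    The BSD timestamp carries no year, so the caller supplies one (assumed here
    to be the year the server received the line)."""
    m = RFC3164.match(line)
    if m is None:
        return None
    try:
        facility, severity = decode_pri(int(m.group("pri")))
    except ValueError:
        return None
    ts = " ".join(m.group("ts").split())  # collapse "Jul  5" to "Jul 5"
    when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "time": when.timestamp(),
        "host": m.group("host"),
        "facility": facility,
        "severity": severity,
        "program": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "message": m.group("msg"),
    }


def to_hec_event(parsed, index="network"):
    """Wrap a parsed record in the HEC JSON envelope: top-level time/host/source/
    sourcetype/index metadata plus the event body. The index name is an assumption."""
    return {
        "time": parsed["time"],
        "host": parsed["host"],
        "source": "syslog",
        "sourcetype": "syslog",
        "index": index,
        "event": {k: parsed[k] for k in ("facility", "severity", "program", "pid", "message")},
    }


def process_lines(lines, year=2021, batch_size=2):
    """Turn raw lines into batches of HEC events; malformed lines are retained in
    a rejected list so nothing is silently lost on the way to the analysis tool."""
    batches, current, rejected = [], [], []
    for line in lines:
        parsed = parse_syslog(line, year)
        if parsed is None:
            rejected.append(line)
            continue
        current.append(to_hec_event(parsed))
        if len(current) == batch_size:
            batches.append(current)
            current = []
    if current:
        batches.append(current)
    return batches, rejected


def encode_batch(events):
    """Serialise one batch as newline-separated JSON objects, the shape HEC accepts
    when several events are sent in a single request."""
    return "\n".join(json.dumps(e) for e in events)


if __name__ == "__main__":
    batches, rejected = process_lines(SAMPLE_LINES)
    for batch in batches:
        print(encode_batch(batch))
    print("rejected:", rejected)
```

In a real deployment the parsing and batching would run inside the syslog server tier (syslog-ng, for example, can hand parsed messages to a Python destination), with one batch per HTTP request to the collector and the rejected lines written to a local quarantine file for later inspection.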