Syslog server - is it actually needed?

thebestgorko

New Member
Joined
Feb 23, 2021
Messages
1
Reaction score
0
Credits
21
Hello :),

I'm new to Syslog/Forwarding/Syslog Server and related stuff,so basically new to Linux as well, well atleast i don't have a lot of experience to UNIX like systems.

Anyways, things i've tried already with the mentioned stuff above:
- setting up azure sentinel/splunk/elk
- setting up kiwi syslog server
- forwarding logs to logz.io

I understand how things work forwarding/listening, didn't do much config stuff so maybe thats why i have the following question:

As far as i understand all above solutions have software based applications/services and when you configure them on a specific win/linux machine they act as a syslog server.
i.e - i have set up kiwi syslog server on windows and it receives messages on udp port 514 from ubuntu machine on the same network.

However, what i want to know is if i can set up one linux machine to listen to syslog messages without installing additional software?
If yes:
1.How?
2.Where does it store the received logs from other machines?
3.What is the capacity of received logs from other machines? Is it depending on the hard drive of the receiving machine?
4.Are there any pros actually or its better/recommended to have 3rd party services installed collecting syslog?
5.Are there Syslog Server appliances or everything is software based/SaaS/PaaS?
 

Members online


Latest posts

Top