Ad Widget

**jvillain** · 18-12-2018, 02:41

Yes you can. If you are thinking of using it as a replacement for splunk though I suspect there would be performance issues.

6 Log file monitoring

https://www.zabbix.com/documentation/4.0/manual/config/items/itemtypes/log_items

**andris** · 18-12-2018, 10:54

Zabbix can monitor log files (including syslog) to report records which match a given regexp, it can extract parts of records, it can count records matching a regexp, it can handle log rotation, it can handle log file storms. See log[], log.count[], logrt[], logrt.count[] items in documentation. In short Zabbix can notify you if something shows up in log files. At the same time it would not be a good idea to stream all log records into Zabbix - it is not designed as a log file warehouse.

**Carmex** · 18-12-2018, 15:37

Originally posted by jvillain

Yes you can. If you are thinking of using it as a replacement for splunk though I suspect there would be performance issues.

https://www.zabbix.com/documentation...ypes/log_items

jvillain andris Sounds like have a bunch of devices sending syslogs to zabbix for archive is not a good idea in general. Do you have a recommendation for a syslog server?

**jvillain** · 18-12-2018, 19:27

If you are OK with a Linux distro then any Linux distro will work for archiving. Just modify rsyslog or syslog-ng and it will listen for connections. Use logrotate to compress them to save space. If you are looking for a cheap replacement for splunk that will parse the logs do a search for "elastic search". None of the options have the gloss of Splunk but Splunk can be crazy expensive.

**gbiondi** · 18-12-2018, 19:35

Hi,
you can give a look to Graylog..

Ad Widget

Zabbix for syslog?

Zabbix for syslog?

Comment

Comment

Comment

Comment

Comment