We're considering a network log management product, but the vendor isn't committed to the syslog format. While there's really no network logging standard, syslog is the closest thing to it. Should lackluster syslog support be a deal-breaker?
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
When searching for a network log management product, syslog is indeed an important consideration. While there is no defined standard for the contents of log traffic, the syslog protocol is an important standard for ensuring the interoperability of systems that create logs and servers that collect them. Syslog allows organizations to stand up a log collection infrastructure without needing to coordinate the log transmission capabilities of a wide variety of log providers.
In my opinion, if a network log management provider can't support syslog, it's a deal-breaker. Companies like Cisco Systems Inc., Check Point Software Technologies Ltd., Juniper Networks Inc. and Palo Alto Networks Inc. all support logging via syslog in their products, and there isn't much those companies agree on.
So if a vendor claiming to be a network log management provider can't successfully parse or store logs within this format, then I fear they'll have a very short life as a company.
Not only is the syslog format used for almost all network security systems and appliances, but Linux and Unix boxes use it for logging as well. As it seems that most network appliances these days are running some flavor of Linux, syslog is only going to become more of a de facto standard for logging as these appliances grow in popularity.
My advice is to drop this vendor and move toward others that support this format, which should be just about anyone else, and watch how they parse the syslog after it's collected. I've personally never seen a log management product that's had trouble with the syslog format. I've seen issues with collecting Windows event logs without agents in the past, but never an issue with syslog.
Creating an RFP with the questions and priorities you need in a log management product would come in handy when looking for and evaluating future solutions. If you come up with other needs that the system must have, I would suggest creating a proposal and sending it to vendors first to fill out before getting involved with them. Knowing upfront what they can and can't provide will help lay some expectations as to which solution will be the best fit for your company's needs.
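The answer above turns on whether a product can parse syslog once it has been collected. As an added illustration, not part of the expert's answer and not any vendor's code, the following Python parser normalises both the BSD syslog format (RFC 3164) and the newer RFC 5424 format into one record, including the PRI decode into facility and severity that every collector has to get right, RFC 5424 structured data, and the two cases that trip up naive parsers: a message with no PRI at all and a message whose PRI is out of range. The sample lines are constructed for this example in the style of the vendors named above; the host names, addresses and the `fw@32473` structured-data ID (32473 is the IANA enterprise number reserved for documentation) are invented.

```python
"""Normalise RFC 3164 (BSD) and RFC 5424 syslog lines into one record type.

Added example, not code from the answer above or from any product: shows the
parsing a log management product must do before logs from different vendors
can be searched together. All sample lines are constructed for this example;
hosts, addresses and the fw@32473 SD-ID are invented.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# PRI = facility * 8 + severity (RFC 5424 section 6.2.1); list index is the code.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI = re.compile(r"^<(?P<pri>\d{1,3})>")
# RFC 5424: VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
_RFC5424 = re.compile(
    r"^1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$", re.S)
# RFC 3164: "Mmm dd hh:mm:ss HOSTNAME" then an optional "TAG[pid]:" and the message.
_RFC3164 = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$", re.S)
_TAG = re.compile(r"^(?P<tag>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?:\s?(?P<msg>.*)$", re.S)
_SD_ELEMENT = re.compile(r'\[(?P<id>[^ \]]+)(?P<params>(?: [^=\s\]]+="(?:[^"\\]|\\.)*")*)\]')
_SD_PARAM = re.compile(r'([^=\s\]]+)="((?:[^"\\]|\\.)*)"')


@dataclass
class SyslogEvent:
    rfc: str                      # "3164" or "5424"
    facility: str
    severity: str
    timestamp: str                # kept as text: 3164 stamps carry no year or time zone
    host: str
    app: Optional[str]
    procid: Optional[str]
    msg: str
    structured_data: Dict[str, Dict[str, str]] = field(default_factory=dict)


def decode_pri(pri: int) -> Tuple[str, str]:
    """Split a PRI value into (facility, severity); reject anything outside 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} out of range 0..191")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def parse_structured_data(sd: str) -> Dict[str, Dict[str, str]]:
    """Parse RFC 5424 SD-ELEMENTs, unescaping \\" \\] and \\\\ inside PARAM-VALUEs."""
    result: Dict[str, Dict[str, str]] = {}
    for elem in _SD_ELEMENT.finditer(sd):
        result[elem.group("id")] = {
            k: re.sub(r'\\([\\"\]])', r"\1", v)
            for k, v in _SD_PARAM.findall(elem.group("params"))
        }
    return result


def parse_syslog(line: str) -> SyslogEvent:
    line = line.rstrip("\r\n")
    m = _PRI.match(line)
    if m:
        pri, body = int(m.group("pri")), line[m.end():]
    else:
        # RFC 3164: a message without a valid PRI is treated as <13>, i.e. user.notice.
        pri, body = 13, line
    facility, severity = decode_pri(pri)

    m = _RFC5424.match(body)
    if m:
        sd = m.group("sd")
        return SyslogEvent(rfc="5424", facility=facility, severity=severity,
                           timestamp=m.group("ts"), host=m.group("host"),
                           app=None if m.group("app") == "-" else m.group("app"),
                           procid=None if m.group("procid") == "-" else m.group("procid"),
                           msg=m.group("msg") or "",
                           structured_data={} if sd == "-" else parse_structured_data(sd))
    m = _RFC3164.match(body)
    if not m:
        raise ValueError(f"unrecognised syslog header: {line[:40]!r}")
    rest = m.group("rest")
    t = _TAG.match(rest)
    if t:
        return SyslogEvent(rfc="3164", facility=facility, severity=severity,
                           timestamp=m.group("ts"), host=m.group("host"),
                           app=t.group("tag"), procid=t.group("pid"), msg=t.group("msg"))
    # Some appliances send no TAG (e.g. a CSV body straight after the host); keep it all as MSG.
    return SyslogEvent(rfc="3164", facility=facility, severity=severity,
                       timestamp=m.group("ts"), host=m.group("host"),
                       app=None, procid=None, msg=rest)


def parse_batch(lines: List[str]) -> Tuple[List[SyslogEvent], List[str]]:
    """Parse what we can and return the rejects too, so nothing is silently dropped."""
    events, rejected = [], []
    for line in lines:
        try:
            events.append(parse_syslog(line))
        except ValueError:
            rejected.append(line)
    return events, rejected


# Constructed sample input in the style of a Cisco IOS switch, a Linux sshd (both syslog
# formats), a firewall with structured data, a firewall sending a bare CSV body, a legacy
# device that omits the PRI, and one deliberately malformed line.
SAMPLE_LINES = [
    "<189>Jun 12 10:15:00 core-sw1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(4455) -> 10.2.2.9(22), 1 packet",
    "<86>1 2017-06-12T10:15:01.000Z web01 sshd 2210 - - Accepted publickey for deploy from 10.1.1.5 port 51000 ssh2",
    '<165>1 2017-06-12T10:15:03Z fw1 panos - TRAFFIC [fw@32473 src="10.1.1.5" dst="10.2.2.9" action="deny"] session end',
    "<14>Jun 12 10:15:02 fw2 1,2017/06/12 10:15:02,001801000000,TRAFFIC,end,0x0,10.1.1.5,10.2.2.9,deny",
    "Jun 12 10:15:04 legacy-rtr login: FAILED LOGIN 3 FROM 10.1.1.5 FOR admin",
    "<38>Jun 12 10:15:06 web01 sshd[2210]: Failed password for root from 10.1.1.5 port 51001 ssh2",
    "<999>Jun 12 10:15:05 bad-host cron: this PRI is out of range",
]

if __name__ == "__main__":
    events, rejected = parse_batch(SAMPLE_LINES)
    for ev in events:
        print(f"{ev.rfc} {ev.facility}.{ev.severity:<7} {ev.host:<10} {ev.app or '-':<6} {ev.msg[:50]}")
    print(f"rejected {len(rejected)} line(s)")
```

Two caveats worth checking in any product evaluation: RFC 3164 timestamps carry neither year nor time zone, so the collector has to supply both from its own clock (the parser above deliberately keeps the stamp as text for that reason), and plain UDP syslog is unauthenticated and can be lost without trace, so the vendor should also support TCP or TLS transport and report rejected or unparsed lines rather than dropping them quietly.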