Concanon Presents:

10 Reasons to Replace Syslog with Cribl LogStream


Concanon's 10 Reasons to Replace Syslog Server with Cribl LogStream

Syslog servers have been around for decades and have filled a much-needed role in systems administration. However, they do not meet today’s demands for higher visibility, easier management and scalability of data observability across organizations. Concanon gives you 10 reasons to switch from using a syslog server to Cribl LogStream to address those issues and more.

What is syslog server?

A syslog server is a means to capture messages created and sent using the syslog protocol, allowing system and network administrators to store massive amounts of logging information from their equipment and systems.  Syslog servers have been in use for an awfully long time, and therefore enjoy wide support as a logging destination from all vendors.

1. Graphical User Interface

A syslog server does not include a user interface, and is configured using text files. This makes it harder to manage and requires a skillset that many do not have the time nor desire to learn.
Cribl LogStream is an alternative to a syslog server that was designed from the ground up with user experience in mind. With just a few clicks LogStream can be collecting syslog data, acting as a much more powerful syslog server.

Cribl LogStream GUI
Data Visibility

2. Data Visibility

Syslog servers have no way to show any details about the logs they are collecting.  Data Managers do not have clear visibility about the data that they are collecting and have to hunt and peck for information when it is needed.  The Cribl LogStream platform puts this information at the Data Manager’s fingertips, whether it is statistics about the data collected, or a live capture of a data stream.


3. Scalable Distributed Architecture

Syslog servers don’t have a central management system.  Third party solutions such as Puppet, Chef or Ansible are necessary to address this need.  This creates higher administration overhead and complexity by requiring additional tools and skillsets. With Cribl LogStream, data collection is easily managed from one centralized location whether it is for one LogStream server or for one hundred.

Concanon's Approach to Scale with Cribl

4. Accident-Proof

Mistakes happen when working with syslog server configurations, sometimes without properly backing up the previous set of configurations.  Other than restoring from a backup or snapshot, a syslog server has no way to recover from these blunders.  This can lead to costly data loss, or hours of aggravation trying to re-create the previously working settings. Cribl LogStream has built-in version control which makes it easy to recover your last configuration change or any other change before that.

5. More Than Just Syslog Data

As mentioned earlier, A syslog server is a server that collects syslog data and either stores it in a file or sends it to another syslog server.  With Cribl LogStream you get a data observability platform that includes the functionality of a syslog server as well.  There are over a dozen types of data that LogStream can listen for or poll for, and the list will continue to grow in the future for more complete support of all types of data.

6. Many Types of Outputs

In addition to the sources shown in the figure below, Cribl LogStream allows you to send data to more than a dozen destinations. With it’s easy to use and interactive GUI, your options are endless to its final destination. Identify ways to leverage cost effective storage for your data. The current destinations that are available to your data engineers are also shown in the figure below. 

Cribl Event Management

7. Easy to Setup

A syslog server takes a lot of time to test and set up in a way that works for anything other than simple syslog collection. The user interface for Cribl LogStream helps to make set up and configuration happen quickly and guides the user along the way. Users also see more information about the data they are working with as they are setting everything up.

Cribl Routing

8. Change Data on the Go

The ability to change data as it is being collected using a syslog server can be difficult to set up and it takes a lot of time and effort to test and do correctly. This limits to utility of syslog servers lowering its value as a data collection tool. With LogStream many advanced data changes are easily done such as hiding important data with encryption or masking, collecting a smaller sample size of data, adding important details to data, removing not-so-important details from data or ignoring unimportant data.

9. Turn Logs into Metrics

With Cribl LogStream data events and their contents can be measured and become important metrics, such as number of errors in the last hour or the number of data sources seen.  These pieces of information can be fed to other monitoring systems to show systems health details.

Big Data Metrics Chart

10. Live Support

Support for syslog servers usually involves a google search for information or submitting an email to then wait for a response.  This can make it difficult to get help during critical situations, when an answer is needed right away. Cribl LogStream has an active community Slack channel, thorough documentation, and professional service offerings from partner organizations like mine.

Start Saving Today with Concanon

This article lists just some of the reasons to replace your aging syslog server infrastructure with something more robust and easier to manage while giving you more control over your data observability pipeline and the rising costs of data analytics.  Schedule a complimentary demonstration or proof of concept. 

Concanon's Author

This syslog server comparison article is written by Joshua Nudell, a Director at Concanon, a business intelligence and big data consulting firm specializing in big data analytics tools and solutions. Joshua has over 20 years of experience in IT systems and working with systems data.

More information about Cribl LogStream

Find more about the Cribl products on their website: