Caution: Articles written for technical not grammatical accuracy, If poor grammar offends you proceed with caution ;-)
In a previous article, I compared syslog servers and decided to use Splunk. Splunk is easy to set up as a generic Syslog server, but it can be a pain in the ass getting the winders machines to send to it. There is a home brewed java based app on the Splunk repository of user submitted solutions, but I have heard complaints about its stability and decided that I was going to set out to find a different way to do it.
During my search, I discovered some decent (free!) agents on sourceforge. One will send event logs to a syslog server (SNARE) and one will send text based files to a syslog server (Epilog). Using the SNARE agents appear to be more stable than using the Java App and does a pretty good job. So I basically came up with a free way to set up a great Syslog server using Ubuntu Server, Splunk, SNARE and Epilog.
I created a “Proven Practice Guide” for VI:OPS and posted it there, but it seems that it is stuck in the approval process. I usually psot the doc on VI:OPS and then link to it in my blog post, and follow up later with a copy on our downloads area. To hurry things along, I also posted it in both places:
Dave – Have you checked out the “Splunk for VMware” package on Splunk’s website? The description reads as if it is designed specifically for VM.
Dave – Have you checked out the “Splunk for VMware” package on Splunk’s website? The description reads as if it is designed specifically for VM.
Yes, I have. That is the home brewed Java app that I refer to. It is OK, but it sometimes does not perform very well.
-Dave
Yes, I have. That is the home brewed Java app that I refer to. It is OK, but it sometimes does not perform very well.
-Dave
For the record, Splunk for VMware’s integration relies on VMware’s vCenter API which unfortunately don’t scale very well. That being said, Splunk’s been working with VMware to help tune and optimize the APIs. Expect a MUCH faster, scalable and resilient version of Splunk for VMware on Splunk 4.0 about 1 month.
For the record, Splunk for VMware’s integration relies on VMware’s vCenter API which unfortunately don’t scale very well. That being said, Splunk’s been working with VMware to help tune and optimize the APIs. Expect a MUCH faster, scalable and resilient version of Splunk for VMware on Splunk 4.0 about 1 month.
For the record, Splunk for VMware’s integration relies on VMware’s vCenter API which unfortunately don’t scale very well. That being said, Splunk’s been working with VMware to help tune and optimize the APIs. Expect a MUCH faster, scalable and resilient version of Splunk for VMware on Splunk 4.0 about 1 month.
Thanks for clearing that up Simon. I am sure many of us look forward to the new version.
Thanks for clearing that up Simon. I am sure many of us look forward to the new version.
Thanks for clearing that up Simon. I am sure many of us look forward to the new version.
@SimonSays
Hi Simon, do you know if Splunk will offer to download VMware based appliances with their application pre-installed?
Thx,
Didier
@SimonSays
Hi Simon, do you know if Splunk will offer to download VMware based appliances with their application pre-installed?
Thx,
Didier
@SimonSays
Hi Simon, do you know if Splunk will offer to download VMware based appliances with their application pre-installed?
Thx,
Didier
@PiroNet
Its funny. I asked that question at VMworld 2008 and they wondered why they would need to do such a thing. It IS fairly easy to install and set up, but an optimized, Linux based appliance would be nice for the people out there that are not that familiar with Linux.
Dave
@PiroNet
Its funny. I asked that question at VMworld 2008 and they wondered why they would need to do such a thing. It IS fairly easy to install and set up, but an optimized, Linux based appliance would be nice for the people out there that are not that familiar with Linux.
Dave
@PiroNet
Its funny. I asked that question at VMworld 2008 and they wondered why they would need to do such a thing. It IS fairly easy to install and set up, but an optimized, Linux based appliance would be nice for the people out there that are not that familiar with Linux.
Dave