I am looking to implement log tracking at my current company. After some research it seems Nagios and Splunk are the two best options. I was wondering if there is a consensus with which is better.

I understand that Splunk can be quite pricey if the non-free version is used. That being said I can imagine the answer to my question will be "If you have the money use Splunk, if not use Nagios"

dan_vitch

2 Answers

These are two different things, so it's not an either/or situation.

Splunk is for centralizing and analyzing your logs. It is capable of generating alerts, so I can see how this functionality can be confused with Nagios. But Nagios is an infrastructure and services monitoring and alerting solution. It can monitor things that don't necessarily have logs, like CPU usage, number of processes, even check for SSL certificates about to expire. Logs may not tell you that Apache has stopped responding to HTTP requests, where Nagios can.

So in most situations you'll want to have something that does each of these jobs. For log correlation and analysis there aren't a lot of open source options, but Octopussy looks pretty good. For infrastructure monitoring, alerts, and escalations there are a number of solutions out there, both commercial and free/open source.

sebthebert
3dinfluence
  • Does that mean these two can/should be used in concert? – dan_vitch Apr 20 '10 at 21:36
  • At the end of the day it depends on what you're trying to accomplish. Both are good to have in any environment, and both become more important as the environment gets larger and more complex. Also, just to throw this out there, there's a third type of tool for dealing with RRD graphs, which are used for trending. Nagios is starting to do more of this natively and through plugins, but the best known tool for this in the open source world is Cacti. – 3dinfluence Apr 20 '10 at 21:55
  • You really should be using two tools - Nagios for SNMP and LogZilla for the syslog solution which is about 1/10 of the cost of Splunk. Also, +1 for Cacti - awesome tool! – Clayton Dukes Sep 04 '12 at 15:05
  • @dan_vitch the two can indeed be used in concert; I currently use both Nagios and Splunk: Nagios to monitor services and availability, etc., and Splunk to graph the contents of logs (e.g. the number of users picking up licenses for certain software packages from network license servers over time, etc.). I also use Cacti, which I'd recommend too - but only on my personal kit! – BE77Y Dec 17 '14 at 16:45
  • Apparently there's some integration available to view Nagios data in Splunk. I haven't tried it, but it certainly looks relevant: https://apps.splunk.com/app/352/ – JivanAmara Jan 01 '15 at 01:27
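The answer above draws the line at checks that have no log to read, such as a certificate about to expire. The following is an added example, not code from the question, the answers or the Nagios project: a minimal active check written to the Nagios plugin contract (exit 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN, one status line on stdout). The host name, port and day thresholds are assumptions.

```python
# Added example: a Nagios-style active check for TLS certificate expiry.
# It probes the service directly instead of reading a log, which is the
# distinction the answer draws between Nagios and Splunk.
import socket
import ssl
import sys
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # Nagios plugin exit codes

def classify_expiry(not_after_epoch, now_epoch, warn_days=30, crit_days=7):
    """Map a certificate's notAfter time to a Nagios state and status line.

    Pure function so the threshold logic can be tested without a network.
    Thresholds (30/7 days) are assumed defaults, not Nagios's own.
    """
    days_left = (not_after_epoch - now_epoch) / 86400.0
    if days_left < 0:
        return CRITICAL, "CRITICAL - certificate expired %.1f days ago" % -days_left
    if days_left < crit_days:
        return CRITICAL, "CRITICAL - certificate expires in %.1f days" % days_left
    if days_left < warn_days:
        return WARNING, "WARNING - certificate expires in %.1f days" % days_left
    return OK, "OK - certificate valid for %.1f more days" % days_left

def fetch_not_after(host, port=443, timeout=5.0):
    """Open a verified TLS connection and return the peer cert's notAfter as epoch seconds."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    # getpeercert() yields e.g. 'Jun  1 12:00:00 2030 GMT'; the ssl module parses it.
    return ssl.cert_time_to_seconds(cert["notAfter"])

def main(argv):
    host = argv[1] if len(argv) > 1 else "example.invalid"   # placeholder host
    try:
        not_after = fetch_not_after(host)
    except (OSError, ssl.SSLError, KeyError) as exc:
        # UNKNOWN means the probe itself failed, not that the certificate is bad.
        print("UNKNOWN - could not retrieve certificate from %s: %s" % (host, exc))
        return UNKNOWN
    state, message = classify_expiry(not_after, time.time())
    print(message)
    return state

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the fetch uses default verification, an already-expired certificate fails the handshake and surfaces as UNKNOWN rather than reaching the expired branch; a production plugin would need to obtain the certificate without verification (which the ssl module's getpeercert() does not support) to report that case as CRITICAL.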
Nagios and Splunk are two completely different products. Nagios is more network monitoring, while Splunk is more of a log console and a place to correlate events from multiple sources (including Nagios). We use Nagios for monitoring and the free version of Splunk to consolidate syslog messages from all servers, network devices, and IPS equipment in one central location.

Ninja76