This is an old revision of the document!

I have been working on a simple SYSLOG project to gather scanning data off of host around the internet and centralize it. The no telling what I will do with the data at that point. Its a project I thought of a while back and I nicknamed it TopTalkers. Basically this is the setup I am going for, very simple a remote syslog server with two host sending it traffic.

I would grow the idea from there with more host and then I wanted to write the session data to a PostgresDB. Kind of a poor mans SEIM or a smart mans method of not paying Cisco for Splunk or Microsoft for Sentinel.

I had worked on a project like this a couple of years/versions of Debian ago and it was always a debate between rsyslog and syslog-ng. After setting up the three servers I logged into the syslog01 server and went into /var/log/ and things looked different. First off there was a README file in the directory!

I am going to move the sidebar conversation to the blog instead of taking up this whole technical discussion with journald vs syslog debate.