I manage a network containing approx:
2 WLC's with about 100 radios
And I'd like to start sending logs to a syslog server. Having never used a syslog server before I have a few questions.
1) With a network this size how much LAN/WAN traffic am I going to be generating by sending logs to a syslog server?
2) What kind of specs do I need to run the server, and do I need more than one?
3) Are there any best practices as far as trap level, etc.?
Thanks in advance!
The amount of syslog data depends on your logging level. Even at debug level (as long as your not actually debugging traffic) the traffic is relatively small. The packets are UDP and small so they are pretty efficient. You'll only need one server (we have almost a thoudand devices on one server). We log warning on most devices, but our firewalls all run at debug.
Hope that helps.