I'm transitioning from Splunk to Kiwi Syslog Server and need some help. I plan to set up both primary and backup servers, but I have a few questions. Kiwi requires static IPs - would it make sense to isolate it on its own VLAN? Also, does it need to run on a SQL server? Lastly, what's the best way to migrate my data from Splunk to Kiwi? Any advice or insights would be super helpful!
4 Answers
Consider placing Kiwi with your other management boxes unless the log volume is excessive. It defaults to flat file storage, so SQL isn't necessary unless you want advanced reporting. For migrating from Splunk, you can export logs to plain text and repipe them into Kiwi for the best continuity. Just keep log sizes manageable to avoid performance hiccups.
Honestly, moving from Splunk, which has tons of features, to Kiwi can be a tough sell. I suggest looking into alternatives like rsyslog as they might suit your needs without the headaches. Just a thought!
If you're really looking to set up a secure environment, putting Kiwi on its own VLAN is a smart move, particularly for zero trust setups. However, it's not a strict requirement. But be aware—migrating from Splunk to Kiwi isn't straightforward since they operate quite differently. Kiwi is great for syslog, but it's not meant to replace everything Splunk does. You might need to create a custom exporter to move logs over, and make sure you have a fast disk setup to avoid log loss! Good luck!
At my workplace, we run Kiwi without SQL. It’s pretty simple—just logs to .log files. We monitor a few devices, and it’s not been an issue for us not using a VLAN. Just keep track of the log sizes with PowerShell or something similar to prevent clutter.
I totally get that! I have a script that zips our logs every night to save space, especially since we have quite a bit of logs daily. It's saved us from losing important data!
When we needed a solid setup, a basic Linux box with rsyslog worked for us. Definitely customizable, and it’s much cheaper!