Syslog at Scale with Cribl
Welcome to the Cribl self-guided demo! In this course, Handling Syslog at Scale with Cribl, we demonstrate the benefits of using Cribl instead of Syslog-NG when handling your syslog needs at scale.
We will first discuss the current method for ingesting syslog data into corporate SIEMs, which uses a Splunk Universal Forwarder (UF) and Syslog-NG. We will then make a small-lift change, using Cribl Edge instead of the UF to send off the syslog files. Lastly, we will configure Cribl Stream to receive syslog directly, bypassing Syslog-NG.
This course should take about 20 minutes to complete. At the end of the course, you can optionally continue with the other How-to's to keep building a full configuration, or try out any of the other courses available at https://sandbox.cribl.io.
This sandbox instance stays running for 24 hours, after which you can get a new sandbox, but your progress will be lost. To reconnect to the sandbox, just come back to Handling Syslog at Scale Using Cribl and re-enter your email address.
Conventions
In this tutorial, the following formatting indicates (respectively) actions we expect you to take; content you can optionally skip; and commands or content you need to paste into the terminal or Cribl.
Important text shows actions you need to take. For each of these sections, further sections will depend on your having taken these actions in Cribl.
Notes contain optional steps. You can skip these without breaking the infrastructure we're building.
Preformatted text contains commands to be pasted
into the terminal, or content to be pasted into
Cribl. There is an easy Copy option available
at these sections' upper-right corner.
Getting Help
If you get stuck during this tutorial, feel free to reach out to us on the Cribl Community Slack channel.
Login
Cribl should automatically log you in, but if you're idle for too long, or get disconnected, you might get prompted to log in.
Copy/paste the credentials to a local file, in case you get prompted to log in later.
Username: admin
Password: cribldemo