Nagios vs Splunk [closed]

I am looking to implement log tracking at my current company. After some research it seems Nagios and Splunk are the two best options. I was wondering if there is a consensus on which is better.

I understand that Splunk can be quite pricey if the non-free version is used. That being said, I can imagine the answer to my question will be "If you have the money, use Splunk; if not, use Nagios".


These are two different things, so it's not an either/or situation.

Splunk is for centralizing and analyzing your logs. It is capable of generating alerts, so I can see how this functionality can be confused with Nagios. But Nagios is an infrastructure and services monitoring and alerting solution. It can monitor things that don't necessarily have logs, like CPU usage or the number of processes, and even check for SSL certificates about to expire. Logs may not tell you that Apache has stopped responding to HTTP requests, whereas Nagios can.

So in most situations you'll want to have something that does each of these jobs. For log correlation and analysis there aren't a lot of open source options, but Octopussy looks pretty good. For infrastructure monitoring, alerts, and escalations there are a number of solutions out there, both commercial and free/open-source.
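A Nagios check such as the SSL-expiry one mentioned in the answer above is just a command that prints one status line and exits with 0, 1, 2 or 3 (OK, WARNING, CRITICAL, UNKNOWN); that exit-code convention is what lets Nagios alert on something no log line will ever tell you. The script below is an added example written for this page, not code from the answer or from the Nagios project. The script name, the `TLS` service label and the 30-day/7-day thresholds are assumptions; the threshold logic is kept separate from the network code so it can be exercised without a live endpoint.

```python
#!/usr/bin/env python3
"""Nagios-style check that a TLS certificate is not about to expire.

Added example (not code from the original post or the Nagios project):
it follows the Monitoring Plugins exit-code convention so Nagios can
schedule it like any other check command.
"""
import socket
import ssl
import sys
from datetime import datetime, timezone

# Exit codes Nagios understands: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def evaluate_expiry(days_left, warn_days=30, crit_days=7):
    """Map days until notAfter to a (status, message) pair.

    Kept free of any network I/O so the threshold logic can be tested
    against constructed values.
    """
    if warn_days < crit_days:
        # Misconfigured thresholds are a plugin problem, not a host problem.
        return UNKNOWN, f"warn_days ({warn_days}) must be >= crit_days ({crit_days})"
    if days_left <= 0:
        return CRITICAL, "certificate has expired"
    if days_left < crit_days:
        return CRITICAL, f"certificate expires in {days_left:.1f} days"
    if days_left < warn_days:
        return WARNING, f"certificate expires in {days_left:.1f} days"
    return OK, f"certificate expires in {days_left:.1f} days"


def format_output(service, status, message, days_left, warn_days, crit_days):
    """Build the single status line Nagios parses: 'SERVICE STATUS: text|perfdata'."""
    return (f"{service} {STATUS_NAMES[status]}: {message}"
            f"|days_left={days_left:.1f};{warn_days};{crit_days}")


def fetch_not_after(host, port=443, timeout=5.0):
    """Handshake with the endpoint and return the leaf certificate's notAfter (UTC).

    Verification stays on deliberately: Python's getpeercert() returns an empty
    dict for an unverified connection, and an expired or untrusted chain is
    exactly what this check should flag.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    # notAfter is a string such as 'Jun  1 12:00:00 2025 GMT'.
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)


def main(argv):
    """Entry point: check_cert_expiry.py HOST [PORT] [WARN_DAYS] [CRIT_DAYS]"""
    if len(argv) < 2:
        print("TLS UNKNOWN: usage: check_cert_expiry.py HOST [PORT] [WARN_DAYS] [CRIT_DAYS]")
        return UNKNOWN
    host = argv[1]
    try:
        port = int(argv[2]) if len(argv) > 2 else 443
        warn_days = int(argv[3]) if len(argv) > 3 else 30
        crit_days = int(argv[4]) if len(argv) > 4 else 7
    except ValueError as exc:
        print(f"TLS UNKNOWN: bad argument: {exc}")
        return UNKNOWN
    try:
        not_after = fetch_not_after(host, port)
    except ssl.SSLError as exc:           # expired, untrusted, hostname mismatch ...
        print(f"TLS CRITICAL: handshake with {host}:{port} failed: {exc}")
        return CRITICAL
    except OSError as exc:                # refused, timed out, DNS failure
        print(f"TLS CRITICAL: cannot connect to {host}:{port}: {exc}")
        return CRITICAL
    days_left = (not_after - datetime.now(timezone.utc)).total_seconds() / 86400
    status, message = evaluate_expiry(days_left, warn_days, crit_days)
    print(format_output("TLS", status, message, days_left, warn_days, crit_days))
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Wire it into Nagios as a `check_command` with the host and thresholds as arguments; the text after `|` is performance data, so Nagios (or a graphing add-on) can plot days remaining alongside the OK/WARNING/CRITICAL state.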


Nagios and Splunk are two completely different products. Nagios is more network monitoring, while Splunk is more of a log console and a place to correlate events from multiple sources (including Nagios). We use Nagios for monitoring and the free version of Splunk to consolidate syslog messages from all servers, network devices, and IPS equipment in one central location.
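The payoff of consolidating syslog from servers, network devices and IPS equipment, as the answer above describes, is a query that joins them: an address that a firewall dropped, an IPS alerted on and sshd rejected within the same minute is a different finding from any one of those alone. The script below is an added example written for this page, not code from the answer or from Splunk. It parses RFC 3164-style lines, pulls the source address each kind of device reports, and flags addresses that at least two different kinds of source mention within a short window. The sample lines, hostnames, addresses, message formats and the five-minute window are constructed assumptions for the example.

```python
"""Correlate syslog lines from servers, a firewall and an IPS by source address.

Added example, not code from the original post or from Splunk: a small stand-in
for the kind of cross-source search that becomes possible once all syslog
traffic lands in one place. The log lines, hostnames and addresses below are
constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# RFC 3164-style line: <PRI>Mon dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# What each kind of source says about an offending address (patterns are
# assumptions about the log formats, not vendor specifications).
EXTRACTORS = [
    ("ssh_auth_failure", re.compile(r"^Failed password for .* from (?P<ip>[\d.]+)")),
    ("firewall_drop", re.compile(r"^DROP .*\bSRC=(?P<ip>[\d.]+)")),
    ("ips_alert", re.compile(r"^ALERT .*\bsrc=(?P<ip>[\d.]+)")),
]

# Constructed sample input: three source types, one attacker, one noisy internal host.
SAMPLE_LOGS = """\
<38>Mar 12 09:14:02 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 52110 ssh2
<38>Mar 12 09:14:05 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 52112 ssh2
<38>Mar 12 09:14:09 web01 sshd[2201]: Failed password for root from 198.51.100.23 port 52115 ssh2
<4>Mar 12 09:13:58 fw-edge kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=10.0.0.12 PROTO=TCP DPT=23
<134>Mar 12 09:14:07 ips01 ids[911]: ALERT sid=1000001 msg="SSH brute force" src=198.51.100.23:52111 dst=10.0.0.12:22
<38>Mar 12 09:20:31 db01 sshd[3310]: Failed password for dba from 10.0.0.40 port 41022 ssh2
<86>Mar 12 09:21:00 db01 sshd[3310]: Accepted publickey for dba from 10.0.0.40 port 41030 ssh2
<134>Mar 12 10:30:00 ips01 ids[911]: ALERT sid=1000002 msg="port sweep" src=10.0.0.40 dst=10.0.0.41
""".splitlines()


def parse_line(line, year=2024):
    """Split one syslog line into fields; RFC 3164 carries no year, so it is supplied."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    return {
        "ts": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
        "facility": pri >> 3,   # PRI = facility * 8 + severity
        "severity": pri & 7,
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
    }


def classify(event):
    """Return (kind, source_ip) for lines we correlate on, else None."""
    for kind, pattern in EXTRACTORS:
        m = pattern.match(event["msg"])
        if m:
            return kind, m.group("ip")
    return None


def correlate(lines, window_minutes=5, min_sources=2):
    """Flag addresses reported by at least min_sources different kinds of source
    within any window_minutes span. Returns {ip: summary}."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        hit = classify(event) if event else None
        if hit:
            kind, ip = hit
            by_ip[ip].append((event["ts"], kind, event["host"]))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()  # lines arrive interleaved and out of order across sources
        for i, (start, _, _) in enumerate(events):
            cluster = [e for e in events[i:] if e[0] - start <= window]
            kinds = sorted({k for _, k, _ in cluster})
            if len(kinds) >= min_sources:
                findings[ip] = {
                    "kinds": kinds,
                    "hosts": sorted({h for _, _, h in cluster}),
                    "first": cluster[0][0],
                    "last": cluster[-1][0],
                    "count": len(cluster),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, summary in correlate(SAMPLE_LOGS).items():
        print(f"{ip}: seen by {', '.join(summary['kinds'])} on "
              f"{', '.join(summary['hosts'])} between {summary['first']:%H:%M:%S} "
              f"and {summary['last']:%H:%M:%S} ({summary['count']} events)")
```

The window matters: the internal host 10.0.0.40 is also named by two kinds of source, but over an hour apart, so it is not flagged at the default five minutes and does appear if the window is widened. In a real deployment the same join would be written as a search over the central index rather than over a list of lines, but the fields you need (facility, severity, host, the per-source address pattern) are the ones this parser extracts.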