Axosyslog vs SC4S

[MrM8BRH]

What is the difference between Splunk Connect for Syslog (SC4S) and Axosyslog?

[MrAnno]

Hi,

Thank you for the question.

In short, SC4S is for ingesting a wide variety of data to Splunk, while AxoSyslog is a general-purpose, modern, scalable data processor (SC4S is actually built on top of AxoSyslog, see here).

---

AxoSyslog is a fork of syslog-ng (a drop in replacement for syslog-ng), initiated by its original creator, aiming to enhance and modernize the traditional syslog-ng project. The main aspects are:

• cloud native (containers, Helm charts, Kubernetes integration),
• security data tailored parsing and transformation (filterx, app-parser, app-transform, etc)
• not only old-style syslog: Splunk, OpenTelemetry, ClickHouse, Loki, BigQuery, Google Pub/Sub, Azure Monitor
• performance (eBPF, memory allocator, etc)

Documentation: https://axoflow.com/docs/axosyslog-core/

SC4S, on the other hand, is purpose-built for Splunk. It's a pre-configured, containerized AxoSyslog instance optimized to parse and forward data specifically to Splunk. SC4S has a big collection of parsers, recognizing a wide variety of device and service logs (you can take a quick look at here).

Documentation: https://splunk.github.io/splunk-connect-for-syslog/main/

[MrAnno]

(As you were curious about the differences between AxoSyslog and SC4S, you may be interested in what we do at Axoflow, it might be a match for your needs: https://axoflow.com)