Paessler Blog - All about IT, Monitoring, and PRTG

Log forwarding: Taming the chaos of system logs with PRTG Data Hub

Written by Sascha Neumeier | Aug 22, 2025

Logs are like glitter. ✨ You can never have too much of them, and once you do have them, there's just no getting rid of them. Every device, app, and service in your IT environment is constantly shouting over itself, "Hey! Look at me! I'm doing something! And it would really help if you could see everything I was doing all at once in agonizing detail!" Sooner or later, you're going to need a strategy to cope with this incessant deluge of noise, and that's where log forwarding with PRTG Data Hub comes into play.

Oh sure, logs can be immensely valuable. If your team already has a mature log management strategy in place, along with whatever SIEM or log analytics tools you happen to be using, then most of what your systems are yelling about on any given day is just pure, undiluted, 100% gold. Trouble is, getting to that gold often requires sifting through mountains of non-essential "sparkle" first.

If you're the sysadmin tasked with sifting through reams of log files while trying to trace the root cause of an incident, you know where I'm coming from. I'm sure every once in a while you've thought, "If I only had all of these logs from the past few days sitting in one centralized place that I could search and correlate…" just before being called away to reboot the DNS server again. Life would be so much easier if there were only a way to make this happen. Oh wait…👀

PRTG Data Hub: The one true way to solve log forwarding

Now, before we get into the more technical details, let's step back for a moment and talk about why we have this problem in the first place. Logs are everywhere in today's distributed environments - on-prem, in the cloud, in your applications, network devices, security gear, you name it. And more often than not, they're in different formats, stored in different locations, and retained for different lengths of time. This fragmentation makes it virtually impossible to get a complete picture of what's going on in your environment or to correlate events across multiple systems effectively.

Enter log forwarding, which can collect and send logs from all these disparate sources to a central location where they can be aggregated, normalized, analyzed, and acted upon as a unified set. This centralization of logs turns what would otherwise be a troubleshooting nightmare into a powerful monitoring, security, and compliance tool.

But to get log forwarding to work, you also need a plan: where you're going to collect these logs from, which protocols you need to support (syslog, SNMP, TCP, UDP…), how you'll handle security (TLS/SSL, authentication…) and scalability (HA, load balancing…), and how it will all fit with your existing tools (SIEM, Splunk, etc.). Cue the one-size-fits-all, purpose-built tool that you can just throw in and configure to do all the work for you: PRTG Data Hub.

PRTG Network Monitor is an established network and systems monitoring tool that can keep tabs on every device and service in your IT environment. PRTG Data Hub is an add-on that allows you to connect your PRTG instance to other systems that need access to the data your PRTG instance is already monitoring. This includes alerts, performance metrics, and – of course – log data.

PRTG Data Hub is a versatile log forwarding solution that can collect, process, and distribute logs from a wide range of sources to any number of destinations. For log forwarding, the primary use of PRTG Data Hub is as a syslog collector that can then send those collected logs on to wherever you need them to go (PRTG, Splunk, Loggly, AWS, Azure, SIEMs, or other custom applications via API). 

⚠️ Breaking news: As of this writing, PRTG Data Hub is available for Linux platforms, but releases from the end of August 2025 will also include a Windows version of the software, which will make it even more straightforward to deploy for organizations that run Windows-centric environments.

As far as PRTG Data Hub's log forwarding capabilities go, here's the important stuff:

Multi-protocol support

The one thing that PRTG Data Hub does really well is talking to everything. For log collection, this includes:

  • Syslog (UDP and TCP)
  • SNMP traps
  • API-based collection
  • Direct log file monitoring

This means you can set up PRTG Data Hub to forward logs from pretty much any source in your environment, whether it's traditional syslog output from server processes, or custom application logs being generated by your developers. Doesn't matter where they're coming from, or in what language – PRTG Data Hub can talk to it.

On the other end of things, PRTG Data Hub can simultaneously forward logs to multiple endpoints including:

  • SIEMs
  • Splunk
  • Cloud services (AWS, Azure, etc.)
  • Other log aggregation tools
  • Custom apps (via API)

It's no-fuss, multi-protocol support, with no need to deploy separate agents on every system for each log destination.

Security

Log data contains valuable information about your infrastructure, applications, and possibly even user activities, which, if exposed, could represent a potential security vulnerability. As such, it's important that your log forwarding solution has the ability to encrypt and authenticate log traffic as necessary, particularly when it's being forwarded across networks, through firewalls, or over VPNs.

PRTG Data Hub supports secure transport protocols such as TLS/SSL for encrypting the transmission of log data and includes authentication mechanisms to ensure only authorized systems can receive or send logs to PRTG Data Hub. These features will be key for companies that have strict compliance requirements but still want to be able to collect and centrally manage log data in a secure way.

Processing capabilities

Processing is where PRTG Data Hub really starts to shine. Most traditional log forwarding solutions simply send logs from point A to point B, but with PRTG Data Hub, there's a whole lot of flexibility in terms of being able to do things like:

  • Filtering out noise to focus only on the log entries you actually care about
  • Parsing specific fields out of a log message
  • Enriching data (adding hostnames, IP addresses, or even custom metadata)
  • Normalization (standardizing fields and formats across sources)
  • Aggregation (combining together related log events)

So, for example, if you're forwarding firewall logs to your SIEM, you could set PRTG Data Hub to extract the source and destination IP address and port information from each log message then enrich it with hostname information before forwarding it on to your SIEM. This way, the logs PRTG Data Hub is sending are already parsed, preprocessed, and contextualized so your security analysts have an easier time immediately getting value out of it.
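The firewall scenario above, sketched as an added Python example (not PRTG Data Hub code or configuration). The iptables-style log lines, the `INVENTORY` map and all function names are constructed assumptions; the code validates the extracted addresses and ports and sets aside lines it cannot parse instead of forwarding half-filled events.

```python
import ipaddress
import re

# Constructed asset inventory for enrichment (assumption: a static map, not a CMDB).
INVENTORY = {"10.0.0.15": "db01.example.internal", "10.0.0.20": "web01.example.internal"}

# Constructed sample lines in an iptables-style key=value layout.
SAMPLE_LINES = [
    "<132>Aug 22 10:15:02 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.15 PROTO=TCP SPT=51514 DPT=22",
    "<132>Aug 22 10:15:03 fw01 kernel: DROP IN=eth0 OUT= SRC=999.1.1.1 DST=10.0.0.20 PROTO=TCP SPT=40000 DPT=443",
    "<134>Aug 22 10:15:04 fw01 kernel: interface eth0 link up",
]

KV = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_firewall_line(line):
    """Return a normalized event dict, or None if the line is not a valid flow record."""
    fields = dict(KV.findall(line))
    try:
        src = str(ipaddress.ip_address(fields["SRC"]))
        dst = str(ipaddress.ip_address(fields["DST"]))
        sport, dport = int(fields["SPT"]), int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # missing field or malformed address/port
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        return None
    return {"src_ip": src, "src_port": sport, "dst_ip": dst, "dst_port": dport,
            "proto": fields.get("PROTO", "").lower()}

def enrich(event, inventory=INVENTORY):
    """Add hostnames for known addresses; unknown ones are marked, not guessed."""
    out = dict(event)
    out["src_host"] = inventory.get(event["src_ip"], "unknown")
    out["dst_host"] = inventory.get(event["dst_ip"], "unknown")
    return out

def process(lines):
    """Parse and enrich each line; unparseable lines are returned separately."""
    events, rejected = [], []
    for line in lines:
        parsed = parse_firewall_line(line)
        if parsed is None:
            rejected.append(line)
        else:
            events.append(enrich(parsed))
    return events, rejected

if __name__ == "__main__":
    print(process(SAMPLE_LINES))
```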

Scalability & reliability

Busy IT environments generate a lot of logs, and volumes can be quite large and unpredictable. A security incident may generate thousands of log entries every second, and a system update may kick off a flood of status messages. In these situations, it's important that your log forwarding solution doesn't drop messages or get overwhelmed.

PRTG Data Hub achieves this through a range of scalability and reliability features such as:

  • HA with multi-node setups
  • Load balancing across multiple instances
  • Buffering for temporary spikes in log volume
  • Failover in the event of node failure

Rest assured, with PRTG Data Hub's reliability features, you won't ever have to fear lost messages leaving gaps in your security or troubleshooting logs.

Log forwarding with PRTG Data Hub in action

I'm really not making this stuff up. PRTG Data Hub is a proven, production-ready log forwarding solution that can save your bacon when it comes to things like security incident response, troubleshooting complex performance problems, and compliance/audit preparation. Here are some examples:

Security incident response

As security threats grow in both sophistication and volume, the need to quickly identify affected systems and attack vectors during a security incident is more important than ever. This requires combining and correlating log data from firewalls, authentication systems, servers, applications, and more to quickly isolate the scope of a breach.

With PRTG Data Hub forwarding logs from all of these sources to a centralized SIEM, security analysts can search and correlate logs across the entire environment from a single pane of glass, with logs arriving already preprocessed with any additional context needed to quickly identify patterns and relationships between events.

Troubleshooting application performance

When an application is "slow", there's no shortage of potential causes, including bottlenecks in the application server, database, network, or even an upstream dependency on a third-party cloud service. Identifying the true root cause often requires you to look at logs for all of these components simultaneously.

PRTG Data Hub can forward logs from each system to a central dashboard, where you can track a single transaction end-to-end and correlate application logs with server metrics to find out whether the cause is a CPU-bound application, network latency, or a poorly optimized database query.

Compliance/Audit preparation

Many compliance frameworks require that organizations not only maintain extensive logs but be able to produce them during audits, which can be challenging when those logs are spread across multiple systems with different retention policies.

With PRTG Data Hub's centralized log forwarding, all of your organization's relevant logs are collected, standardized, and stored according to compliance requirements, so when auditors show up, rather than scrambling around all your systems looking for log files, everything is already in one place, in the right format, and properly retained.

Setting up log forwarding with PRTG Data Hub is one of the simpler configuration exercises you can do in Paessler's range of tools. Everything you need to do to get log forwarding working is in the intuitive web UI, with some helpful drop-down menus and templates to help get you up and running even more quickly.

There's also a command line interface (CLI) if you want to automate configuration and integrate with existing DevOps workflows. That, and the aforementioned upcoming Windows support will make deploying PRTG Data Hub even easier for those Windows-centric shops out there who are thinking about log forwarding as a core element of their strategy but have so far been nervous about the technical overhead of deploying Linux agents to do the work for them.

FAQ: Advanced questions about log forwarding

How does log forwarding differ from log shipping, and why should I care?

The terms log forwarding and log shipping are often used interchangeably, but there are subtle differences between the two in terms of how logs are typically handled and transported, and this will affect the logging architecture decisions you make for your own environment.

Log forwarding generally implies a near-real-time process where logs are sent as close to "live" as possible, and to their destination as soon as they are available. This is better for situations where access to fresh data is required such as security monitoring, alerting, and when troubleshooting problems as they are happening. It typically also involves a persistent connection between source and destination (syslog over TCP with TLS encryption, for example).

Log shipping, on the other hand, is often based on collecting logs for a period of time (minutes, hours, or even days) before shipping them to a destination in batches. Log shipping is usually about efficiency and throughput over accessibility and immediacy. This approach is often used for long-term log storage and analytics workloads where real-time access to data isn't important.

PRTG Data Hub is actually great at both approaches: the "I need this now!" real-time security and operational logs as well as the "I need to store this for seven years" compliance and archiving logs. This flexibility means you don't need multiple, specialized solutions to handle both log forwarding and log shipping. PRTG Data Hub can do both!

What happens when log formats change after I've set up my forwarding?

One of the biggest pain points for any log management strategy is dealing with changes to source log formats. Whether it's a version update to a key application or firmware change to an infrastructure device, formats can and do change, and if your log forwarding solution isn't robust enough to handle it, these changes can break your parsing rules and lead to data loss or at best incorrect processing.

With PRTG Data Hub, thanks to its templates and its less explicit, rule-based system, it's possible to create templates that focus on certain patterns and parse more flexibly instead of hard-coding expectations about a log message. This is also a good reason to take advantage of PRTG Data Hub's API to create dynamic parsing rules that can be adjusted in response to these types of changes.

PRTG Data Hub can also keep an eye on parsing success rates and warn you when messages previously being processed successfully start failing to parse – a clear indicator that a change has taken place.

For really critical systems, it's also worth taking a dual-path approach where you preserve raw logs alongside parsed versions (PRTG Data Hub's preprocessing features are only applied to the secondary copy). In this way, should the worst happen, you have the original data safely stored in case you need to fall back to reprocessing logs with revised rules instead of losing it forever.
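The two safeguards described above, parse-success monitoring and a raw copy kept beside the parsed one, sketched as an added Python example (not PRTG Data Hub code or its API). The log formats, the two regex rules, the window size and the 80% threshold are constructed assumptions.

```python
import re
from collections import deque

# Rule written for the original format (constructed for this example).
OLD_RULE = re.compile(r"user=(?P<user>\S+) action=(?P<action>\S+)")
# Revised rule that tolerates the renamed, quoted fields of the new format.
NEW_RULE = re.compile(r'(?:user|usr)="?(?P<user>[^\s"]+)"? (?:action|act)=(?P<action>\S+)')

class DualPathPipeline:
    def __init__(self, rule, window=20, min_rate=0.8):
        self.rule, self.min_rate = rule, min_rate
        self.raw_archive = []                 # path 1: untouched originals
        self.parsed = []                      # path 2: structured copies
        self.window = deque(maxlen=window)    # recent parse outcomes
        self.alerts, self._alerting = [], False

    def ingest(self, line):
        self.raw_archive.append(line)         # archive before any processing
        match = self.rule.search(line)
        self.window.append(match is not None)
        if match:
            self.parsed.append(match.groupdict())
        if len(self.window) == self.window.maxlen:
            low = sum(self.window) / len(self.window) < self.min_rate
            if low and not self._alerting:    # one alert per drift episode
                self.alerts.append(len(self.raw_archive) - 1)
            self._alerting = low

    def reprocess(self, rule):
        """Re-parse the raw archive with a revised rule; returns events recovered."""
        self.rule = rule
        self.parsed = [m.groupdict() for m in map(rule.search, self.raw_archive) if m]
        return len(self.parsed)

def demo():
    # Constructed stream: 30 lines in the old format, then 10 after an "upgrade".
    stream = ["user=alice action=login"] * 30 + ['usr="alice" act=login'] * 10
    pipe = DualPathPipeline(OLD_RULE)
    for line in stream:
        pipe.ingest(line)
    before = len(pipe.parsed)
    return pipe.alerts, before, pipe.reprocess(NEW_RULE), len(pipe.raw_archive)

if __name__ == "__main__":
    print(demo())
```

The alert fires on the fifth unparsed line, when the 20-line window first drops below 80%, and reprocessing the raw archive with the revised rule recovers all 40 events.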

How can I leverage log forwarding for capacity planning and optimization?

While logs are often thought of primarily as a security and troubleshooting tool, in the right hands they can also be a treasure trove of useful capacity planning and optimization data. It's just a question of sifting through all that glitter to get to the good stuff.

PRTG Data Hub, in particular, can be very handy in this capacity, as it can extract performance-related metrics out of logs and forward them to analytics or dashboarding platforms where they can be correlated with other data sources.

Application logs, for example, will often include a great deal of information about response times, resource utilization, user concurrency, and more that just won't make it into more traditional monitoring metrics.

By forwarding these logs to a platform where they can be analyzed over time and aggregated against other data, you can surface performance degradation, cyclical or diurnal usage patterns, dependencies between disparate systems, and a number of other capacity planning optimization insights.

The log correlation capabilities are particularly useful in this scenario. Overlaying CPU utilization metrics with application transaction logs, for example, might reveal that a seemingly efficient system actually spends most of its time idling on a rarely used feature that could be optimized or retired.

Conclusion

Logs and troubleshooting are one of those low-ceiling but wide-foundation jobs that many IT operations teams need to invest a significant amount of time in. With PRTG Data Hub, these teams can cut through the noise and turn the troubleshooting equivalent of finding a needle in a haystack into locating and sorting through a very large number of similar needles.

By using log forwarding to centralize and standardize logs in this way, PRTG Data Hub gives you much greater visibility and insight than is possible when these logs remain trapped on their respective source systems. This extra visibility is what enables you to shift from troubleshooting and optimizing with fire drills to anticipating and preventing issues before they cause outages.

Try PRTG Network Monitor and PRTG Data Hub free for 30 days and see for yourself how the power of these tools, working together, can help you turn log chaos into log clarity, one well-forwarded message at a time.