DX NetOps


 Planning in Spectrum 23.3 to work with Syslog.

Eduardo Ignacio Serrano posted Aug 26, 2024 04:47 PM
Good afternoon
 
We have a question. It is planned to implement syslog in Spectrum 23.3. The documentation includes the general part of the integration, but we have some doubts about its implementation that are not covered in the documentation:
- What do we need for the integration, and how does it work?
- Do we require Rsyslog, or does Spectrum work with the syslog protocol?
- How much information does Spectrum support per second with syslog?
I look forward to your response, thanks
 
Regards
Broadcom Employee Robert Kettles

Hello,

I'll reference the "How does it work" section of the documentation to provide reference.

  • The out of the box integration makes use of rsyslog and the omsnmp SNMP trap output module.  Rsyslog is the standard syslog daemon for many flavors of Linux, including RHEL and compatible such as CentOS, Rocky Linux, etc.  The Spectrum installation includes some sample configuration to output incoming syslog messages into SNMP traps that Spectrum will understand.  
  • Rsyslog and omsnmp are required to translate the syslog messages to SNMP traps.  There are other syslog daemons, such as Syslog-NG, that are able to do this so technically you could use an alternate solution to translate the syslog messages into the same format of SNMP trap that we're expecting with the Rsyslog integration but it's not supported so if you ran into an issue, you wouldn't get much assistance.  Spectrum does not have a native syslog listener.
  • Since the logs come in as traps, it's the same as the trap rate.  We had a FAQ document posted a while back that mentioned 600 traps/second sustained but it's one of those things that can vary based on a number of factors.  But if we pick that as an arbitrary value, then it would be 600 traps and syslog messages per second combined (600 total, not 1200).  If your system is undersized, has a high polling load, etc. then that number would be lower.  Also remember that Spectrum is not meant to be a generic syslog collector.  Ideally, the only logs that Spectrum should be getting are ones that you either want to alarm on directly or process through some event rule to decide on alarming.  You don't want to send in debug level logs that no one will ever look at.  

-Rob
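
A sizing check for the advice in the reply above, as an added example that is not part of the thread or of Broadcom's documentation: it measures the peak per-second syslog rate that would survive a severity filter and tests it against the shared trap budget. It assumes RFC 3164-style lines with the `<PRI>` field retained; the sample lines are constructed, and 600 is the arbitrary figure used in the reply.

```python
import re
from collections import Counter

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss host message
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) ")


def peak_rates(lines, max_severity):
    """Return (peak msgs/sec for all lines, peak msgs/sec kept by the filter).

    Severity is PRI % 8 (0 = emergency ... 7 = debug). A message is kept when
    its severity number is <= max_severity. Lines without a valid header are
    skipped.
    """
    all_per_sec, kept_per_sec = Counter(), Counter()
    for line in lines:
        m = HEADER.match(line)
        if not m or int(m.group(1)) > 191:  # PRI values above 191 are invalid
            continue
        pri, second = int(m.group(1)), m.group(2)
        all_per_sec[second] += 1
        if pri % 8 <= max_severity:
            kept_per_sec[second] += 1
    return (max(all_per_sec.values(), default=0),
            max(kept_per_sec.values(), default=0))


def fits_budget(kept_peak, existing_trap_rate, budget=600):
    """Syslog-derived traps and ordinary traps share one budget (600 total)."""
    return kept_peak + existing_trap_rate <= budget


# Constructed sample: facility local7 (23), so PRI = 23 * 8 + severity.
SAMPLE = [
    "<187>Aug 26 16:47:01 rtr1 %LINK-3-UPDOWN: Interface Gi0/1 down",  # error
    "<191>Aug 26 16:47:01 rtr1 debug: packet trace line",              # debug
    "<191>Aug 26 16:47:01 rtr1 debug: packet trace line",              # debug
    "<190>Aug 26 16:47:01 rtr1 info: config saved",                    # info
    "<188>Aug 26 16:47:02 rtr1 warning: fan speed high",               # warning
    "<191>Aug 26 16:47:02 rtr1 debug: packet trace line",              # debug
    "line without a syslog header",                                    # skipped
]

if __name__ == "__main__":
    total_peak, kept_peak = peak_rates(SAMPLE, max_severity=4)  # warning and up
    print(f"peak all={total_peak}/s, peak kept={kept_peak}/s")
    print("fits with 599 traps/s already:", fits_budget(kept_peak, 599))
```

Run it over a capture from the busiest period you expect, and set `existing_trap_rate` from the trap load Spectrum already receives.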