<div>Do you need to simply store these syslog messages or do they need to be queried regularly?</div>
<div> </div>
<div>What is your tolerance for loss of messages when a system or network fails? If you have a 5-minute outage can you afford to lose 5-minutes of logs for devices affected by the outage?</div>
<div> </div>
<div>Can you afford shared external storeage on your syslog servers so you can build a real HA server pair, or will each server have it's own storage? This affects how you forward and sync data in the event of a syslog server failure.
</div>
<div> </div>
<div>What kind of data size and network bandwidth are we talking about?</div>
<div> </div>
<div>The issue here is that native syslog forwarding capability works for most cases, but there is potential for loss of messages. If reliability is critical you will need to consider a store-and-forward approach so that logs can be forwarded subsequent to network downtime. Depending on data size and whether you need to query these log files regularly (or if you need to index them), you can build synchronization Perl scripts to sync logs from disparate sources.
</div>
<div> </div>
<div>There are commercial tools you can consider as well but cost is very high for this type of distributed architecture (several hundred thousand dollars USD)</div>
<div> </div>
<div><br> </div>
<div><span class="gmail_quote">On 5/24/07, <b class="gmail_sendername">Raghu (Lists)</b> <<a href="mailto:raghu.lists1@gmail.com">raghu.lists1@gmail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hi all,<br><br>I am working on a project to build distributed syslog-ing system for a<br>very lager enterprise with offices all across the globe. Below are the
<br>main objectives:<br><br>1. Support for primarily network devices, like ciscos, netscreens, junipers etc<br>2. Minimum or no loss of messages when network fails<br>3. Central storage of all syslog messages<br><br>Could you please give me your ideas or point me to any documentation
<br>that deals with such designs?<br><br>Thank you!<br>_______________________________________________<br>syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br><br></blockquote></div><br>