<p dir="ltr">It depends what failure modes you want to protect against.</p>
<p dir="ltr">There can be<br>
* network connection breaks<br>
* Syslog-ng daemon crashes (client, server)<br>
* audit daemon crashes</p>
<p dir="ltr">Syslog-ng has most of the infrastructure to carry out (flow control), but some pieces are missing. The PE team did work in this area, they created RLTP for app. Level network acknowledgements that would protect against network and syslogng crashes. Even in that case though the ack information can only be propagated back to your audit app by speaking RLTP.</p>
<p dir="ltr">Maybe you would need a queueing stack like amqp or 0mq, those tend to provide explicit acks, and there are brokerless solutions as well.</p>
<div class="gmail_quote">On Nov 6, 2013 6:15 PM, "Tamayo, Andres" <<a href="mailto:Andres.Tamayo@viasat.com">Andres.Tamayo@viasat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Hello,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">I am new at using syslog-ng and I was hoping someone in the developers mailing list would be able to help me.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">I am trying to use a syslog-ng client daemon and a syslog-ng server daemon to implement an audit message system but I cannot find information that would help me configure the
daemons for my particular scenario.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Here is my scenario:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">I have a separate audit daemon that generates log messages that are written to an audit log file in syslog format. I need the syslog-ng client to read the logs in the audit
log file and send them to the syslog-ng server. When the server has received the messages, I need some acknowledgment from the syslog-ng client, so my other audit daemon can remove the submitted log messages from the audit log file (preventing it from reaching
maximum capacity).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">My scenario does not have to be setup exactly this way if there are better ways to achieve the same result. Basically, I need to keep all logs that have not yet being sent
to the syslog-ng server in an audit file. When the messages are delivered to the syslog-ng server, I need to delete them from the audit file.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Can someone tell me if I can achieve this results using syslog-ng daemons? Is there a better way to implement my scenario.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Thank you for your help in advance.<u></u><u></u></span></p>
</div>
</div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div>