I am trying to setup Syslog-ng to relay messages from one syslog server to another with a load balancer in between.  I am also using TLS encryption.  The issue I’m having right now is that when the client intiates the connection, it seems to lock on to a particular back end syslog server and send all of its messages there instead of switching off to another one.  On its own this isn’t a big problem except that if that system goes down, the client doesn’t seem to be aware.  I also haven’t found a good way to force syslog-ng to close and re-establish its connections without fully shutting down the relay system.   We currently have no persistence setup on the load balancer.

 

Is there a way to tell the relay server to periodically reconnect?  Maybe send a certain amount of messages or data before reconnecting so that the data is balanced across the backend syslog-ng servers?  Also, is there a better way to have the relay system learn about the remote server going offline so it can immediately reset its connection?