The cheapest option is to change the complete environment to syslog-ng and tcp transport. Tcp works way better than udp and if you adjust the client fifo a bit you have quite a bit messages cached in the memory. I have this setup running with 800 clients and all clients are of course logging to two servers.

Von: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] Im Auftrag von Abhijeet Rastogi
Gesendet: Dienstag, 2. April 2013 07:38
An: syslog-ng@lists.balabit.hu
Betreff: [syslog-ng] High availability for syslog-ng

Hi,

Currently, I've just one syslog-ng server which receives messages from hundreds of rsyslog instances. I'm sending logs via UDP so if syslog-ng machine dies, logs will be missed.

How can I make the system more redundant? I want to achieve something like if the current syslog-ng machine goes down, some other machine should be able to take it's role.

Any kind of help is highly appreciated. Thanks

Regards,
Abhijeet Rastogi (shadyabhi)
http://blog.abhijeetr.com