IMHO The best way to have redundant logging it to log to multiple syslog servers from each source server. For devices that can only log to one device I would log to a dedicated log replicator that send a copy of the log event to the multiple syslog servers just as if the client could have sent to multiple syslog server on its own. Evan. On 08/11/2016 03:07 PM, Lupo, Joseph wrote:
I am trying to setup Syslog-ng to relay messages from one syslog server to another with a load balancer in between. I am also using TLS encryption. The issue I’m having right now is that when the client intiates the connection, it seems to lock on to a particular back end syslog server and send all of its messages there instead of switching off to another one. On its own this isn’t a big problem except that if that system goes down, the client doesn’t seem to be aware. I also haven’t found a good way to force syslog-ng to close and re-establish its connections without fully shutting down the relay system. We currently have no persistence setup on the load balancer.
Is there a way to tell the relay server to periodically reconnect? Maybe send a certain amount of messages or data before reconnecting so that the data is balanced across the backend syslog-ng servers? Also, is there a better way to have the relay system learn about the remote server going offline so it can immediately reset its connection?