K K wrote:
Has anybody found a good way to take a high-volume stream of UDP syslog packets, aggregate and compress the packets, and then recreate them, with the original source IPs, at the other end of a WAN circuit? The need of preserving the original source IP adresses makes the problem tricky. I guess your logs are important ;) so crafting up some scripts wouldn't be so appealing. Why don't letting your two syslog-ng instances communicate over a VPN tunnel? OpenVPN is very mature and robust, it supports traffic compression and encryption. Also you can make the tunnel lossless using TCP (if syslog is using UDP)
Just my 2 cents -- Federico Ceratto - Linux System Administrator Every man takes the limits of his own field of vision for the limits of the world. - A. Schopenhauer