23 Feb
2004
23 Feb
'04
2:02 a.m.
However, what I am trying to figure out, especially with this secondary scenario, is how do you get syslog-ng to report to the other host (for the duplicate/backup) without having syslog-ng push the messages to both of the syslog hosts "regular" ip's and, in doing so, prevent log messages from duplicating exponentially?
Configure Syslog-ng on each box to listen to more than one incomming port. One of the ports is the standard syslog UDP, the other is just one you pick. Configure the Syslog-ng processes to forward ONLY messages that arrive via the standard port, but deliver them using the second one. Tada.... No duplication. -Ben.