Isn't failover a feature of the Professional Edition? We chose to run two syslog servers receiving the full syslog stream from all hosts. If one goes down, the stream is available o nthe other. As Balazs states, merging the logs back together is difficult, so we don't do that. During log review, we just look in both logs. Evan. On 03/07/2014 11:57 PM, Balazs Scheidler wrote:
You basically have two options:
1. use Linux-HA or keepalived or something similar to coordinate master-slave relationship. Have syslog-ng listen on the service IP. Perhaps combine this with DNS round robin to balance the load between the nodes.
2. Use an external load balancer that distributes connections between hosts. This only works as long as you have many clients as load balancers tend to balance based on a per connection basis.
The complexity of the whole thing is when you want to merge messages delivered to either of the cluster members. You can either do that after the fact (syslog-ng will not help you here, it just puts messages in plain text files), or use some kind of nosql db that provides sharding and eventual consistency.
Hth,
On Mar 7, 2014 9:51 PM, "Ramesh Basukala" <basukalaramesh@gmail.com <mailto:basukalaramesh@gmail.com>> wrote:
Hi,
I am running open source version of syslog-ng server, currently I have only one server. I would like to add another server and configure high availability, such that log data will still be available in case my primary server dies. Looking at the documentation, syslog-ng itself does not support high availability configuration and has to be done at Operating System level.
I need help setting up high availability, please point me to any resource or documentation to start with.
Thanks for the help. -RB