High availabilty configuration
Hi, I am running open source version of syslog-ng server, currently I have only one server. I would like to add another server and configure high availability, such that log data will still be available in case my primary server dies. Looking at the documentation, syslog-ng itself does not support high availability configuration and has to be done at Operating System level. I need help setting up high availability, please point me to any resource or documentation to start with. Thanks for the help. -RB
Might consider using a load-balancer with a heartbeat check? On Sat, Mar 8, 2014 at 2:20 AM, Ramesh Basukala <basukalaramesh@gmail.com>wrote:
Hi,
I am running open source version of syslog-ng server, currently I have only one server. I would like to add another server and configure high availability, such that log data will still be available in case my primary server dies. Looking at the documentation, syslog-ng itself does not support high availability configuration and has to be done at Operating System level.
I need help setting up high availability, please point me to any resource or documentation to start with.
Thanks for the help. -RB
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
You basically have two options: 1. use Linux-HA or keepalived or something similar to coordinate master-slave relationship. Have syslog-ng listen on the service IP. Perhaps combine this with DNS round robin to balance the load between the nodes. 2. Use an external load balancer that distributes connections between hosts. This only works as long as you have many clients as load balancers tend to balance based on a per connection basis. The complexity of the whole thing is when you want to merge messages delivered to either of the cluster members. You can either do that after the fact (syslog-ng will not help you here, it just puts messages in plain text files), or use some kind of nosql db that provides sharding and eventual consistency. Hth, On Mar 7, 2014 9:51 PM, "Ramesh Basukala" <basukalaramesh@gmail.com> wrote:
Hi,
I am running open source version of syslog-ng server, currently I have only one server. I would like to add another server and configure high availability, such that log data will still be available in case my primary server dies. Looking at the documentation, syslog-ng itself does not support high availability configuration and has to be done at Operating System level.
I need help setting up high availability, please point me to any resource or documentation to start with.
Thanks for the help. -RB
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Isn't failover a feature of the Professional Edition? We chose to run two syslog servers receiving the full syslog stream from all hosts. If one goes down, the stream is available o nthe other. As Balazs states, merging the logs back together is difficult, so we don't do that. During log review, we just look in both logs. Evan. On 03/07/2014 11:57 PM, Balazs Scheidler wrote:
You basically have two options:
1. use Linux-HA or keepalived or something similar to coordinate master-slave relationship. Have syslog-ng listen on the service IP. Perhaps combine this with DNS round robin to balance the load between the nodes.
2. Use an external load balancer that distributes connections between hosts. This only works as long as you have many clients as load balancers tend to balance based on a per connection basis.
The complexity of the whole thing is when you want to merge messages delivered to either of the cluster members. You can either do that after the fact (syslog-ng will not help you here, it just puts messages in plain text files), or use some kind of nosql db that provides sharding and eventual consistency.
Hth,
On Mar 7, 2014 9:51 PM, "Ramesh Basukala" <basukalaramesh@gmail.com <mailto:basukalaramesh@gmail.com>> wrote:
Hi,
I am running open source version of syslog-ng server, currently I have only one server. I would like to add another server and configure high availability, such that log data will still be available in case my primary server dies. Looking at the documentation, syslog-ng itself does not support high availability configuration and has to be done at Operating System level.
I need help setting up high availability, please point me to any resource or documentation to start with.
Thanks for the help. -RB
Hi, I was considering a config-based solution: have all clients send to multiple syslog-ng servers (e.g. using multicast), after adding a unique identifier to each message (e.g. using the uuid template function). Then have all syslog aggregators ship their copy to a common storage, the unique key enabling you to identify/drop the multiple copies of the same message, Cheers
I was thinking about DRBD and Heartbeat. What do you guys think? Is there any commercial versions on High Availability configuration I can use for this? I am looking for consistency and reliability. Thanks, RB On Mon, Mar 10, 2014 at 5:27 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
I was considering a config-based solution: have all clients send to multiple syslog-ng servers (e.g. using multicast), after adding a unique identifier to each message (e.g. using the uuid template function).
Then have all syslog aggregators ship their copy to a common storage, the unique key enabling you to identify/drop the multiple copies of the same message,
Cheers
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
You can use: http://www.redhat.com/products/enterprise-linux-add-ons/high-availability/ It is present in CentOS, SL, etc ... On Mon, Mar 10, 2014 at 1:23 PM, Ramesh Basukala <basukalaramesh@gmail.com> wrote:
I was thinking about DRBD and Heartbeat. What do you guys think? Is there any commercial versions on High Availability configuration I can use for this? I am looking for consistency and reliability.
Thanks, RB
On Mon, Mar 10, 2014 at 5:27 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
I was considering a config-based solution: have all clients send to multiple syslog-ng servers (e.g. using multicast), after adding a unique identifier to each message (e.g. using the uuid template function).
Then have all syslog aggregators ship their copy to a common storage, the unique key enabling you to identify/drop the multiple copies of the same message,
Cheers
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi, We are using drbd in the syslog-ng appliance called syslog-ng Store Box. It works, there are some quirks and learning curve though. And that doesn't allow load balanced operation only fail over. On Mar 10, 2014 2:24 PM, "Ramesh Basukala" <basukalaramesh@gmail.com> wrote:
I was thinking about DRBD and Heartbeat. What do you guys think? Is there any commercial versions on High Availability configuration I can use for this? I am looking for consistency and reliability.
Thanks, RB
On Mon, Mar 10, 2014 at 5:27 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
I was considering a config-based solution: have all clients send to multiple syslog-ng servers (e.g. using multicast), after adding a unique identifier to each message (e.g. using the uuid template function).
Then have all syslog aggregators ship their copy to a common storage, the unique key enabling you to identify/drop the multiple copies of the same message,
Cheers
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (6)
-
Balazs Scheidler
-
C. L. Martinez
-
Evan Rempel
-
Fabien Wernli
-
Ramesh Basukala
-
Shashank Rohatgi