On Tue, May 20, 2003 at 03:30:42PM -0700, Joxn wrote:

I log messages to a remote server. But what happens if that server is not reachable? Is there a way to implement a failover to second server?

There's nothing built in to syslog-ng for this, you'd have to build something yourself. You could use syslog-ng on all the clients to send via udp to two hosts, and only start up syslog-ng on the second loghost when the first is down (no error messages of any kind on the clients when using UDP, but you lose the reliability). A simple fping script could be used on the second host to start syslog-ng (or load up a new conf that listens on the network). Other ways involve hot-failover (heartbeat-type stuff perhaps) so that a backup server takes over for the downed host, or a load balancer that stops sending packets to a downed server (layer four switch type of thing from cisco, alteon, bigip, etc), or an out-of band process that watches logs for connection failed messages (when using TCP) and modifies the syslog-ng conf file to use another host (and restarts it of course). Most of this is overkill, a monitoring system that pages someone when servers go down is usually ok. I could see shops where security is the top priority that might want this, though. Such a shop would benefit from having a config directive to call a script when a certain number of attempts to connect to a loghost over TCP have failed. The site-specific script could take care of whatever failover measures are needed. -- Nate Campi http://www.campin.net