[syslog-ng]caching/tcp fault tolerant syslog?

Aleksandr Koltsoff czr@iki.fi
Wed, 8 Jan 2003 12:11:31 +0200 (EET)


hello (pls cc the replies, I'm not on the list)

I have the following scenario:
about 20 linux boxes in separate geographical areas, connected via WAN
links which I don't completely trust.

what I would like is this:
run syslog-ng on each box, they should not write to files, but instead
they should send all their messages over to a central log server
so far so good :-)

in the event of tcp-breakage (when the client boxes cannot reach the
server via tcp, maybe with some keepalive "pings"), the syslogd should
firstly start collating the log messages into memory (size settable by
user), after that to disk (or directly to disk, if memory cache size is
0). after some retries, cached log entries should be flushed to central
server once connection is established.

I went through the archives (not all of them, but some) and it seems that some
ppl could use this functionality as well.

basically I can think of a couple of options: write my own syslogd, or start
hacking on syslog-ng, or write a fault transparent buffering program that would
implement all this and stick with stock syslog-ng that would always feed
this program.

any ideas on this?

Aleksandr Koltsoff
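
An added sketch of the buffering behaviour requested above (memory first, then disk, flushed in order once the server is reachable again); it is not part of the original message and is not syslog-ng code. The names SpoolingForwarder, send, mem_limit and spool_path are hypothetical, and the memory limit is counted in messages rather than bytes as a simplifying assumption.

```python
import collections
import os


class SpoolingForwarder:
    """Hypothetical store-and-forward buffer: memory first, then a disk spool."""

    def __init__(self, send, mem_limit, spool_path):
        self.send = send            # callable(line); assumed to raise OSError when the link is down
        self.mem_limit = mem_limit  # messages held in memory; 0 spools straight to disk
        self.spool_path = spool_path
        self.mem = collections.deque()
        self.on_disk = 0

    def submit(self, line):
        # Send directly only when nothing is queued, so delivery order is preserved.
        if not self.mem and not self.on_disk:
            try:
                return self.send(line)
            except OSError:
                pass
        if not self.on_disk and len(self.mem) < self.mem_limit:
            self.mem.append(line)
            return
        with open(self.spool_path, "a", encoding="utf-8") as f:
            f.write(line + "\n")    # one message per line; assumes no embedded newlines
            f.flush()
            os.fsync(f.fileno())    # survive a crash of the client box
        self.on_disk += 1

    def flush(self):
        """Retry delivery, oldest first. Returns True once everything is drained."""
        pending = collections.deque()
        if self.on_disk:
            with open(self.spool_path, encoding="utf-8") as f:
                pending.extend(m.rstrip("\n") for m in f)
        try:
            for queue in (self.mem, pending):
                while queue:
                    self.send(queue[0])
                    queue.popleft()  # drop only after a successful send
        except OSError:
            pass                     # link still down; keep what is left
        if self.on_disk:
            with open(self.spool_path + ".tmp", "w", encoding="utf-8") as f:
                f.writelines(m + "\n" for m in pending)
            os.replace(self.spool_path + ".tmp", self.spool_path)  # atomic swap
            self.on_disk = len(pending)
        return not self.mem and not self.on_disk
```

Delivery here is at-least-once: a crash between a successful send and the spool rewrite re-sends those messages on the next flush, so the central server may see duplicates but does not lose entries that reached the disk spool.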