[syslog-ng]failover

[Nate Campi]

On Tue, May 20, 2003 at 03:30:42PM -0700, Joxn wrote:
> I log messages to a remote server. But what happens if that server is 
> not reachable? Is there a way to implement a failover to second server?

There's nothing built in to syslog-ng for this, you'd have to build
something yourself.

You could use syslog-ng on all the clients to send via udp to two hosts,
and only start up syslog-ng on the second loghost when the first is down
(no error messages of any kind on the clients when using UDP, but you
lose the reliability). A simple fping script could be used on the second
host to start syslog-ng (or load up a new conf that listens on the
network).

Other ways involve hot-failover (heartbeat-type stuff perhaps) so that a
backup server takes over for the downed host, or a load balancer that
stops sending packets to a downed server (layer four switch type of
thing from cisco, alteon, bigip, etc), or an out-of band process that
watches logs for connection failed messages (when using TCP) and
modifies the syslog-ng conf file to use another host (and restarts it of
course).

Most of this is overkill, a monitoring system that pages someone when
servers go down is usually ok. I could see shops where security is the
top priority that might want this, though. Such a shop would benefit
from having a config directive to call a script when a certain number of
attempts to connect to a loghost over TCP have failed. The site-specific
script could take care of whatever failover measures are needed.
-- 
Nate Campi    http://www.campin.net