[syslog-ng] Syslog-ng & multiple "central" loghosts / HA environment

Travis Kriza syslog-ng@lists.balabit.hu
Thu, 19 Feb 2004 22:46:36 -0600


Hi everyone, have an interesting question.

Let's say I have 2 hosts, both running syslog-ng.  These hosts also do 
a few other tasks and we want them to be highly available.  We also 
don't want them to miss any syslog messages they will be receiving from 
other hosts.

The one thing I can see doing is, on the hosts where it is possible, to 
have them send their information to both syslog hosts.  However, I 
don't think all the equipment supports this.  (For instance, I think 
some Cisco equipment supports only 1 syslog host --- please correct me 
if I am wrong).

The other option I thought of was using heartbeat like you would with 
LVS.  That way, you can share an IP and point all of the equipment to 
that IP.

However, what I am trying to figure out, especially with this secondary 
scenario, is how do you get syslog-ng to report to the other host (for 
the duplicate/backup) without having syslog-ng push the messages to 
both of the syslog hosts' "regular" IPs and, in doing so, prevent log 
messages from duplicating exponentially?

Does this make sense?

Thanks,

Travis
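
One way to lay out the second scenario, as an added example that is not part of the original post and not from the syslog-ng project: each loghost forwards only first-hand messages to its peer, and peer copies arrive on a separate listener that is never forwarded, so a message crosses between the two hosts at most once. The addresses, the peer port 5514 and the file path are assumptions.

```conf
# syslog-ng.conf on loghost A (assumed layout; loghost B uses the same
# file with d_peer pointing back at A).
# Constructed addresses: shared IP 192.0.2.10 (moved by heartbeat),
# loghost A = 192.0.2.11, loghost B = 192.0.2.12.

# Keep the hostname carried in the message, so a copy relayed by the peer
# is filed under the originating device and not under the relaying loghost.
options { keep_hostname(yes); };

# Messages generated on this loghost itself.
source s_local   { unix-stream("/dev/log"); internal(); };

# Devices point at the shared IP on the standard port. Listening on all
# addresses means whichever node currently holds the shared IP receives them.
source s_devices { udp(ip(0.0.0.0) port(514)); };

# Copies from the peer arrive on a dedicated port (5514 is an assumption).
# Filter this port so that only the peer's address can reach it.
source s_peer    { udp(ip(0.0.0.0) port(5514)); };

destination d_files { file("/var/log/central.log"); };
destination d_peer  { udp("192.0.2.12" port(5514)); };

# First-hand messages: store locally and send one copy to the peer.
log { source(s_local); source(s_devices);
      destination(d_files); destination(d_peer); };

# Peer copies: store only. No log path leads from s_peer to d_peer,
# so nothing received from the peer is ever sent back.
log { source(s_peer); destination(d_files); };
```

The peer copy travels over UDP here, so it is lost while the other loghost is down; both files are complete only for the periods when both nodes were up.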