[syslog-ng]Syslog-ng & multiple "central" loghosts / HA environment

[Balazs Scheidler]

2004-02-20, p keltezéssel 05:46-kor Travis Kriza ezt írta:
> Hi everyone, have an interesting question.
> 
> Let's say I have 2 hosts, both running syslog-ng.  These hosts also do 
> a few other tasks and we want them to be highly available.  We also 
> don't want them to miss any syslog messages they will be receiving from 
> other hosts.
> 
> The one thing I can see doing is on the hosts that it is possible, to 
> have them send their information to both syslog hosts.  However, I 
> don't think all the equipment supports this.  (For instance, I think 
> some cisco equipment supports only 1 syslog host --- please correct me 
> if I am wrong).
> 
> The other option I thought of was using heartbeat like you would with 
> LVS.  That way, you can share an ip and point all of the equipment to 
> that ip.
> 
> However, what I am trying to figure out, especially with this secondary 
> scenario, is how do you get syslog-ng to report to the other host (for 
> the duplicate/backup) without having syslog-ng push the messages to 
> both of the syslog hosts "regular" ip's and, in doing so, prevent log 
> messages from duplicating exponentially?

I think a third idea to consider is using multicasting, and have both
syslog-ng box listen to the same multicast group and equipment to send
its messages to the multicast IP. 

Although syslog-ng does not support this at the moment, I don't think it
would be that difficult to implement.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1