[syslog-ng]Central syslog with relays configuration

[Balazs Scheidler]

2004-06-23, sze keltezéssel 18:47-kor SPINDLER Loďc TRANSPAC ezt írta:
> I am on designing a central log system in order to "concentrate" gigabytes 
> (~12 daily) of logs from 3 delocalized platforms. Quickly here is how it 
> works. I have 3 sites on which approximately 100 hosts push syslog 
> messages to local relay over udp. My 3 relays just forward over tcp the 
> syslog messages to a centralhost using syslog-ng.
> On my concentrator (centralhost) I receive and store those messages using 
> syslog-ng.
> I have the configuration running in a lab with no problem.
> 
> But what happens in case the concentrator fails (f.o. hardware pb) :  Will 
> the relays keep the messages somewhere ? can this be set up someway ?
> 
> At this time I did not success in programming a fifo to have the messages 
> written in case the network forward could not be done. Anybody did ?

syslog-ng has a temporary stores messages it cannot send in a memory
based buffer. the size of this buffer can be specified with the
log_fifo_size() option.

when the buffer becomes full it will start dropping messages. currently
there's no way to store buffer in a permanent location (ie. disk)

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1