[syslog-ng]making syslog_NG redundant / NFS / HA possibilities

Oliver Tönsmann syslog-ng@lists.balabit.hu
Mon, 31 Jan 2005 13:13:57 +0100


Hi,

we like to setup a central logging service for our distributed 
datacenter environment. Our idea is to use syslog_ng as an HA (high 
available) service running on two separate servers.  The syslog clients 
(Solaris machines, network components, firewall appliances) should post 
the log data via UDP to a loadbalancer which will forward the log data 
to the two syslog_ng hosts.

Now we have the problem how to merge the log data from the two syslog_ng 
hosts to one location. Most of our data is stored on centralised storage 
subsystems and this storage is distributed via NFS (NetApp file server). 
We like to store the logdata also into nfs directories.  Following 
figure describes a possible dataflow:

syslog clients --> LB -->

--> syslog_ng host1
--> syslog_ng host2

--> 
NFS:/.../log/$HOST/$FACILITY/$PRIORITY/one_logfile_for_both_syslog_hosts

Performance and nfs overhead is not a problem in our environment and nfs 
works very reliable due to our HA structures;  logdata per day ~2-3 GB. 
Is there a possibilty to let syslog_ng hosts write the logdata  
simultaenously into the same logfile (NFS)? What are the disadvantages?

What are your experiences in using syslog_ng as an HA service? What 
would be a good practice to setup syslog_ng and to make it high available?

Ideas and helpful suggestions are welcome - Thanxx.
Oliver

------------------------------------------------ 
Oliver Toensmann
Universitaet Bielefeld - Hochschulrechenzentrum		
Email:	Oliver.Toensmann@uni-bielefeld.de