[syslog-ng] Problem with setup of syslog-ng loghost in HA environment

Jens Grigel jens.grigel at sskm.de
Wed Oct 19 18:01:41 CEST 2005 

On Wed, 2005-10-19 at 16:25, Berthold Cogel wrote:
> Hello!
> 
> We want to set up a syslog-ng in a HA Cluster (Red Hat Clumanager).
> The Cluster has two nodes for failover of services with attached shared 
> storage from our SAN.
> The idea was to use syslog-ng only for the loghost. Local logging on all 
> machines is done by standard syslog and forwarded to the loghost. The 
> loghost uses his own IP which is handed over from one node to the other 
> in case of a failover situation.
> 
> It is not a problem to get the loghost running. The problem is the 
> logging on the cluster node that is the current loghost. Although syslog 
> doesn't log remote messages and syslog-ng binds to another (virtual) 
> interface.
> 
> We have an old loghost with syslog, where our systems send parts of 
> their messages. This works, even for the system, syslog-ng is running 
> on. I can see the udp packets with ethereal. But there is no syslog 
> traffic to the second IP or localhost. Only 'external' messages get 
> logged with syslog-ng
> 
> The system is Red Hat Enterprise Linux 3. syslog-ng is 1.6.8.


Hi,

I'm currently in the process of setting up a central syslog-ng server on
a Linux-HA-Cluster and stumbled across the same problem. I couldn't find
the problem after some time of searching and ran out of ideas. 

Finally I'm using a local syslog-ng on every clusternode and forward the
messages to the syslog-ng listening on the cluster-ip, works perfect.
Both Nodes are running CentOS4, syslog-ng is 1.6.8,

The local syslog-ng's have a very basic configuration:

####
source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
};
 
destination d_messages { file("/var/log/messages"); };
destination d_mnss { udp(192.168.1.209); };
 
log { source(s_sys); destination(d_messages); };
log { source(s_sys); destination(d_mnss); };
####

All the sorting and other voodoo is done by the clustered syslog-ng with
its own config.

Hope that helps,

-- 

Jens Grigel

Stadtsparkasse München
Netzwerk und Sicherheit

More information about the syslog-ng mailing list