[syslog-ng] Run 2 syslog-ng by defferent configurations
Takenaka Kazuhiro
takenaka.kazuhiro at oss.ntt.co.jp
Tue Dec 25 03:23:44 CET 2007
Hi all.
I would like to run 2 syslog-ng instances in the same server
and tried it, but encounterd a problem. I have some questions,
please advise me something you know about this.
Firstly, I run a syslog-ng 1.6.8 instance on Redhat EL4 update 5
by a install default configuration file.
And then I run the other instance by the following configuration:
------------------------------------------------------------
source s_udp_9000 { udp(port(9000)); };
filter f_host_XXX {
host ("[xX][xX][xX]11|172\.20\.100\.100"); };
destination d_udp_messages_XXX {
file("/dbf/heartbeat/XXX.log" create_dirs(yes) perm(0640)); };
log {
source(s_udp_9000);
filter(f_host_XXX);
destination(d_udp_messages_XXX); };
------------------------------------------------------------
The operations proceeded as the following.
# service syslog-ng start
Starting system logger: [ OK ]
# syslog-ng -p /var/run/syslog-ng-vip.pid -f syslog-ng-vip.conf
Warning: No source refers to internal messages, they'll go to /dev/null
My first question is :
1. Does syslog-ng 1.6.8 always handle internal messages ?
I suspict it will cause odd behaviors on logging internal
messages when multiple syslog-ng instances run on a server.
Or are there some effective configurations to avoid this ?
Next, I updated the version of syslog-ng to 2.0.4 and played
same operations. No warnings were shown on the terminal.
My second question is :
2. Can syslog-ng 2.0.4 ignore internal messages if the
configurations specify that it shuld run so ?
I think it means run multiple instances can run on a
server safely.
Or do some problems hide behind the silence ?
===========================================================
I'd better to explain what makes me try such configurations
I mentioned to help readers understand my demand.
I plan to sent my servers' logs to a central syslog-ng server.
To make my syslog-ng server a high avalable one, I decided to
use Heartbeat as a HA manager to make a ACT/SBY syslog-ng cluster.
I also decided to use shared disks so as to save external logs
into them and make external log files be taken over on a failover
by them.
On the other hand, I intend to save central server's own logs
into server's internal disks.
I think it would be better to run 2 syslog-ng instances and
assign one to handle internal logs and the other to handle
external logs. The internal one shuld be managed by a rc script
and the external should be managed by Heartbeat.
The reason I think this way, or the reason I avoid handling
all messages by one instance, is the following.
Hearteat alway performs a stop operation on eash resources
that Hearteat just attempt to failover. If Heartbeat manages
the syslog-ng instance which handles all logs, and a failover
is triggered by some reason except syslog-ng's own corruption,
Heartbeat brings a stop to the syslog-ng instance.
This means internal logging must stop in the very time
some troubles occurs. It obviously is unpreferable.
===========================================================
Sincerely.
--
Takenaka Kazuhiro <takenaka.kazuhiro at oss.ntt.co.jp>
NTT OSS Center
More information about the syslog-ng
mailing list