[syslog-ng] Syslog-ng and network failover

Alexander Clouter ac56 at soas.ac.uk
Thu Mar 15 15:45:36 CET 2007 

Hi,

Jonathon Blumenthal <jonathon.blumenthal at ironmountain.com> [20070315 10:35:58 -0400]:
>
> I need to have a highly available centralized log server (all Linux). 
> 
> Is there a way to configure syslog-ng to automatically detect when the
> remote syslog server has gone down so that it can redirect messages
> elsewhere? 
> 
I submitted a patch that adds multicast support to syslog-ng so that more 
than one syslog server will receive the messages.  Of course this is over UDP 
though but not a problem for us.  The nice side effect of using multicast is 
that you can from your own workstation 'tune into' the syslog messages and so 
you do not even need to log into the servers to tail the ends of your log 
files.

If you do go down this path then I recommend you group services to particular 
multicast group addresses (with a 32 IP address spacing between groups for 
technical reasons), for example SMTP traffic to 239.192.0.0 whilst IMAP 
traffic to 239.192.0.32.  This means you can easily tune-into the stream you 
want to, it also makes your syslog-ng.conf file far simpler.

I think the approach you are using is slightly wrong, you should not 
'failover' but instead send the data to both syslog servers.  Its no use 
having a syslog server crash and burn with all your data on it and the second 
one having the data from only the point where the other one died.

> Something like this:
> destination d_tcp1 { tcp("192.168.1.1"); failover(d_tcp2); };
> destination d_tcp2 { tcp("192.168.1.2"); };
> 
> If not, anyone know of any Linux loggers that will do this?
> 
If you need tcp why don't you just use:

destination d_tcp {
	tcp("192.168.1.1");
	tcp("192.168.1.2");
};

Cheers

Alex

> -Jon
> 
> -----------------------------------------
> [snipped excessive disclaimer regarding kitchen sink]
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
>

More information about the syslog-ng mailing list