[syslog-ng] Distributed syslog architecture
Tom Le
dottom at gmail.com
Fri May 25 10:25:19 CEST 2007
Do you need to simply store these syslog messages or do they need to be
queried regularly?
What is your tolerance for loss of messages when a system or network fails?
If you have a 5-minute outage can you afford to lose 5-minutes of logs for
devices affected by the outage?
Can you afford shared external storeage on your syslog servers so you can
build a real HA server pair, or will each server have it's own storage?
This affects how you forward and sync data in the event of a syslog server
failure.
What kind of data size and network bandwidth are we talking about?
The issue here is that native syslog forwarding capability works for most
cases, but there is potential for loss of messages. If reliability is
critical you will need to consider a store-and-forward approach so that logs
can be forwarded subsequent to network downtime. Depending on data size and
whether you need to query these log files regularly (or if you need to index
them), you can build synchronization Perl scripts to sync logs from
disparate sources.
There are commercial tools you can consider as well but cost is very high
for this type of distributed architecture (several hundred thousand dollars
USD)
On 5/24/07, Raghu (Lists) <raghu.lists1 at gmail.com> wrote:
>
> Hi all,
>
> I am working on a project to build distributed syslog-ing system for a
> very lager enterprise with offices all across the globe. Below are the
> main objectives:
>
> 1. Support for primarily network devices, like ciscos, netscreens,
> junipers etc
> 2. Minimum or no loss of messages when network fails
> 3. Central storage of all syslog messages
>
> Could you please give me your ideas or point me to any documentation
> that deals with such designs?
>
> Thank you!
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070525/56e68550/attachment.htm
More information about the syslog-ng
mailing list