[syslog-ng] Distributed syslog architecture
dottom at gmail.com
Fri May 25 10:25:19 CEST 2007
Do you need to simply store these syslog messages or do they need to be
What is your tolerance for loss of messages when a system or network fails?
If you have a 5-minute outage can you afford to lose 5-minutes of logs for
devices affected by the outage?
Can you afford shared external storeage on your syslog servers so you can
build a real HA server pair, or will each server have it's own storage?
This affects how you forward and sync data in the event of a syslog server
What kind of data size and network bandwidth are we talking about?
The issue here is that native syslog forwarding capability works for most
cases, but there is potential for loss of messages. If reliability is
critical you will need to consider a store-and-forward approach so that logs
can be forwarded subsequent to network downtime. Depending on data size and
whether you need to query these log files regularly (or if you need to index
them), you can build synchronization Perl scripts to sync logs from
There are commercial tools you can consider as well but cost is very high
for this type of distributed architecture (several hundred thousand dollars
On 5/24/07, Raghu (Lists) <raghu.lists1 at gmail.com> wrote:
> Hi all,
> I am working on a project to build distributed syslog-ing system for a
> very lager enterprise with offices all across the globe. Below are the
> main objectives:
> 1. Support for primarily network devices, like ciscos, netscreens,
> junipers etc
> 2. Minimum or no loss of messages when network fails
> 3. Central storage of all syslog messages
> Could you please give me your ideas or point me to any documentation
> that deals with such designs?
> Thank you!
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the syslog-ng