[syslog-ng] Process stored logs

Patrick H. syslogng at feystorm.net
Thu Apr 22 19:26:59 CEST 2010


The log_fifo_size variable controls how many messages the output buffer 
will hold. So if server Z is relaying to A, and A goes down, Z will 
start storing messages in this buffer. Unfortunately there is no way to 
say 'if destination A fails, log to destination A2 (which may be a file 
output or something) instead'. The premium version does support 
disk-based buffering though, so that if log_fifo_size fills up, it'll 
start writing out to a disk-based file instead.

Sent: Thursday, April 22, 2010 12:13:40 AM
From: noel anderson <nascentcatalyst at yahoo.com>
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Process stored logs
> I'm building an infra across the geo's to collect logs at a central repository. I have set up syslog-ng in 3 geo's (say for e.g. X, Y, Z) to collect logs from servers in respective Geo. A fourth server (say for e.g. A) where the logs are forwarded from the 3 log servers to aggregate all the logs from all GEO's.
>  
> The problem where I fail to understand is, if my aggregator server (A) goes down, how do I process my stored logs on (X), (Y), (Z), so that I do not lose any logs during my downtime.
>  
> Is it possible to process backlog of logs on the server or do I have to change my infra so that I do not lose these logs?
>
> Thanks
> Noel (hsxtrt)
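The buffering behaviour described in the reply above, as an added model that is not part of the original thread and is not syslog-ng code: it steps relay Z through an outage of aggregator A and reports how many messages are delivered or lost for a given log_fifo_size. It assumes that a full buffer drops newly arriving messages; the message rate, drain rate and outage length are constructed values.

```python
"""Simplified model of a relay's output buffer during an aggregator outage.

Assumption (not syslog-ng source code): the buffer holds at most
log_fifo_size messages and, once it is full, newly arriving messages
are dropped until the destination drains it again.
"""


def simulate_relay(log_fifo_size, msgs_per_s, outage_start, outage_len,
                   total_s, drain_per_s):
    """Step one second at a time; return delivery and loss counters."""
    buffered = delivered = dropped = 0
    first_drop = last_drop = None
    for t in range(total_s):
        # Arrivals from the local servers: accept what fits, drop the rest.
        accepted = min(msgs_per_s, log_fifo_size - buffered)
        lost = msgs_per_s - accepted
        buffered += accepted
        if lost:
            dropped += lost
            first_drop = t if first_drop is None else first_drop
            last_drop = t
        # Forwarding is only possible while aggregator A is reachable.
        a_is_up = not (outage_start <= t < outage_start + outage_len)
        if a_is_up:
            sent = min(buffered, drain_per_s)
            buffered -= sent
            delivered += sent
    return {"delivered": delivered, "dropped": dropped,
            "still_buffered": buffered,
            "drop_window": (first_drop, last_drop)}


def max_outage_seconds(log_fifo_size, msgs_per_s):
    """Rough estimate of the outage a buffer absorbs at a steady rate."""
    return log_fifo_size // msgs_per_s


if __name__ == "__main__":
    # Constructed scenario: Z receives 50 msg/s, A is down for 10 minutes.
    for size in (1000, 40000):
        result = simulate_relay(size, 50, outage_start=60, outage_len=600,
                                total_s=1800, drain_per_s=500)
        print(size, max_outage_seconds(size, 50), result)
```

The drop window is the span of seconds for which the central repository has a gap in its records, which is the figure to compare against expected downtime when choosing the buffer size.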