[syslog-ng] s High availabilty configuration
Terry Slattery
tcs at netcraftsmen.net
Mon Mar 10 18:58:39 CET 2014
My recommendation to customers who need high reliability is to run two
instances, each in a separate data center. Configure all gear to send to both
servers. If syslog forwarding to other consumers is needed, manually configure
it on one of the two servers. Upon a failure, confirmed by a human, the servers
are reconfigured for forwarding. Many syslog consumers can't handle more than
one feed, thus the need to reconfigure upon a failure.
This isn't optimum for a site that wants automatic operation. However, building
a system that can properly determine and avoid split-brain failures (where the
two systems can't talk with one another, but the network gear can send to them)
is an "interesting challenge." It would be easy to build something to generate
an alert when the two systems can't talk with one another and make this alert
the highest priority. Humans can then step in to diagnose the problem and take
the appropriate action. Meanwhile, both systems are logging whatever they
receive, which may be the whole feed or a part of a feed, if the network becomes
partitioned.
-tcs
On 3/8/14 2:57 AM, syslog-ng-request at lists.balabit.hu wrote:
> Date: Fri, 07 Mar 2014 15:50:43 -0500
> From: Ramesh Basukala<basukalaramesh at gmail.com>
> Subject: [syslog-ng] High availabilty configuration
> To:syslog-ng at lists.balabit.hu
> Message-ID:<531A3123.5080007 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi,
>
> I am running open source version of syslog-ng server, currently I have
> only one server. I would like to add another server and configure high
> availability, such that log data will still be available in case my
> primary server dies.
> Looking at the documentation, syslog-ng itself does not support high
> availability configuration and has to be done at Operating System level.
>
> I need help setting up high availability, please point me to any
> resource or documentation to start with.
>
> Thanks for the help.
> -RB
--
Terry Slattery CCIE# 1026
More information about the syslog-ng
mailing list