[syslog-ng] Syslog-NG.conf to Fork to Two Log Aggregators

wiskbroom at hotmail.com wiskbroom at hotmail.com
Tue Sep 30 20:34:53 CEST 2014


I have syslog clients that I would like to configure to send log-data to a middle-man/intermediary syslog-NG server.  Once received on the intermediary, I want to immediately fork that data onto a different log-server, not syslog-NG; satisfying a requirement to feed two systems.

The reason for the fork is because the non-syslog-NG-server is running a proprietary logging system, and it must, at least for now, be capable of seeing *most* of my logs.  It, the non-syslog-NG-server, is incapable of retransmitting to my syslog-NG server, nor would I trust it to do so.

My questions to the list are, 
1.   Has anyone successfully done something similar?
2.   Any recommendations/gotchas I should be aware of?
3.   Can I also configure syslog-NG to resend Splunk data?  Or do I have to run a Splunk Univ Forwarder configured similarly to my intermediary syslog-NG server to achieve that?   (Yes, I know, OT question, sorry...)

Thank you in advance,
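
The relay layout asked about above, sketched as a syslog-ng configuration. This is an added example, not part of the original post. It assumes syslog-ng 3.5 syntax, clients sending plain syslog on port 514, the documentation address 192.0.2.10 standing in for the proprietary server, and "everything except debug" as the meaning of "most" logs.

```conf
@version: 3.5

options {
    # Keep the hostname the client wrote into the message instead of
    # replacing it with the address the relay received it from.
    keep-hostname(yes);
};

# Clients send to the intermediary over UDP and TCP (assumed port 514).
source s_clients {
    network(transport("udp") port(514));
    network(transport("tcp") port(514) max-connections(100));
};

# Copy 1: the intermediary's own archive (placeholder path).
destination d_archive {
    file("/var/log/relay/${YEAR}${MONTH}${DAY}.log" create-dirs(yes));
};

# Copy 2: the proprietary log server (placeholder address).
# It will see the relay's IP as the packet source; the original
# sender survives only in the syslog header's host field.
destination d_proprietary {
    network("192.0.2.10" transport("udp") port(514));
};

# Assumed definition of "most": drop debug-level messages on copy 2 only.
filter f_not_debug { not level(debug); };

# Two independent log paths read the same source, so every message
# is evaluated by both and a filter on one does not affect the other.
log { source(s_clients); destination(d_archive); };
log { source(s_clients); filter(f_not_debug); destination(d_proprietary); };
```

Running `syslog-ng --syntax-only -f <file>` checks the configuration before the relay is restarted.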

