[syslog-ng] Syslog-ng client through a load balancer with SSL/TLS encryption

Lupo, Joseph Joseph.Lupo at T-Mobile.com
Fri Aug 12 17:47:43 CEST 2016 

Multiple syslog servers isn’t an option with a lot of these systems.  We could possibly have the relay server relay to multiple servers on the backend, but we’re loading this data into Splunk and don’t want redundant data to be loaded in.
Thanks,
Joe Lupo
T-Mobile USA
Principal Engineer, System Design & Strategy
(973) 440-8768

From: <syslog-ng-bounces at lists.balabit.hu> on behalf of Evan Rempel <erempel at uvic.ca>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Date: Thursday, August 11, 2016 at 11:19 PM
To: "syslog-ng at lists.balabit.hu" <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Syslog-ng client through a load balancer with SSL/TLS encryption

IMHO The best way to have redundant logging it to log to multiple syslog servers from each source server. For devices that can only log to one device I would log to a dedicated log replicator that send a copy of the log event to the multiple syslog servers just as if the client could have sent to multiple syslog server on its own.

Evan.

On 08/11/2016 03:07 PM, Lupo, Joseph wrote:
I am trying to setup Syslog-ng to relay messages from one syslog server to another with a load balancer in between.  I am also using TLS encryption.  The issue I’m having right now is that when the client intiates the connection, it seems to lock on to a particular back end syslog server and send all of its messages there instead of switching off to another one.  On its own this isn’t a big problem except that if that system goes down, the client doesn’t seem to be aware.  I also haven’t found a good way to force syslog-ng to close and re-establish its connections without fully shutting down the relay system.   We currently have no persistence setup on the load balancer.

Is there a way to tell the relay server to periodically reconnect?  Maybe send a certain amount of messages or data before reconnecting so that the data is balanced across the backend syslog-ng servers?  Also, is there a better way to have the relay system learn about the remote server going offline so it can immediately reset its connection?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160812/c2cee8e0/attachment.htm

More information about the syslog-ng mailing list