[syslog-ng] Syslog-ng client through a load balancer with SSL/TLS encryption

Fabien Wernli wernli at in2p3.fr
Tue Aug 16 11:14:31 CEST 2016

On Fri, Aug 12, 2016 at 03:47:43PM +0000, Lupo, Joseph wrote:
> Multiple syslog servers isn’t an option with a lot of these systems.  We could possibly have the relay server relay to multiple servers on the backend, but we’re loading this data into Splunk and don’t want redundant data to be loaded in.

FWIW one solution we're considering if our Elasticsearch cluster can handle
the load is to push the logs twice but with the same ID:

* no redundant data
* possibility to track how many times the same log has been pushed to ES
  using the key '_version'

Not sure that's possible using splunk though

More information about the syslog-ng mailing list