Syslog-ng – Failover Configuration

logssyslogsyslog-ng

Is it possible to set up a failover mechanism with Syslog-NG opensource edition?

I want that the syslog-ng Daemon logs to a remote Loghost and switches to an other server if the first would go down for some reason…

Best Answer

Syslog-ng itself does not do this. However, here are a few ways to achieve high-availability logging, sorted in increasing levels of complexity/cost:

Simply adding both servers and always write to both is the easiest one.
Have a backup syslog config around with the second servername. Have a cronjob or something to check the local syslog for reports on connection errors to the server and, when one is found, restart syslog with the backup configuration
Setting up a haproxy in tcp-mode on your local server, and setting it to use the primary server first and go to the second in case the first fails. Set syslog to log to the local haproxy instance instead of directly to the remote servers
Setting up a cluster of log servers with shared disks on a SAN, commercial HA (e.g. Veritas Cluster)... This is expensive; whether it's worth it will depends on how much it will cost you to lose some logs.

Related Solutions

Ssh – Separate messages of multiple sshds in syslog-ng

Change the name of the executable (note that that also affects PAM configuration).

ln /path/to/sshd /path/to/sshd-whatever

Start as /path/to/sshd-whatever. And define PAM configuration in /etc/pam.d/sshd-whatever. Log entries will show as sshd-whatever instead of sshd.

Best Answer

Related Solutions

Ssh – Separate messages of multiple sshds in syslog-ng

Related Question