[logs] UDP/TCP load balancer recommendations
Mordechai T. Abzug
morty at frakir.org
Mon Nov 19 18:30:20 PST 2007
On Mon, Nov 19, 2007 at 09:01:04PM -0500, Steve Bernacki wrote:
> My organization is about to embark on a project to fortify our log
> capture and analysis infrastructure. One item that I've identified
> as being necessary is a load balancer to spread the incoming message
> stream (primarily syslog/udp) across our back-end syslog-ng
> receivers.
Are you really looking to load balance, or are you looking for
redundancy/failover?
If you are really looking for load balancing, you will need a good
solution for event correlation across systems, or you will need to
insert your events into some kind of shared DB or shared FS.
If you are looking for redundancy/failover, you might be better off
having your sources each send to multiple syslog server, with each
server on a different subnet. If your network supports proper routed
multicast and your hosts are using UDP syslog, you can save some
bandwidth by multicasting syslog -- although expect to have many
issues getting that working quite right.
- Morty
More information about the LogAnalysis
mailing list