[HPADM] SUMMARY: syslog redirection

From: Timothy A Reed <treed21@xxxxxxx>
Date: Wed, 11 Jan 2006 08:13:56 -0700

Original question is at the bottom of this email. Thanks to:
Susan Pellerito
Mike Keighley
Bill Hassell
Martin Lodahl
David Lodge

All reminded me that since syslog communicates using UDP, if the central
server is down, entries will be lost. And most suggested keeping the
entries locally as well as sending to the central server so they will be
available if needed.

Most complete answer was from David Lodge:
Yes.

Syslog sends over UDP on a "broadcast and forget" concept. If there's
nobody to receive or the packet gets snarled up in the network traffic
then the message is lost.

There are ways to mitigate these issues:
1. Use some form of HA clustering to ensure that there is always a log
server available
2. Try and site the syslog server on the same subnet as your major
production systems (so traffic doesn't have to route through the network
core and minimises the risk of traffic loss)

If you're going ahead with this I would suggest having a look at
syslogng as this allows a lot more filtering techniques than standard
syslogd (e.g. load all syslogs directly into a database)

Thanks,
Tim Reed
Computer Scientist
Computer Sciences Corporation
treed21@xxxxxxx
---------------------------------------------------------------------------------------

Please note that this e-mail, including any attachments, contains
information that is subject to United States laws and regulations. The use
or further dissemination of these materials or information therein may be
prohibited by United States law.

----------------------------------------------------------------------------------------

This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
----------------------------------------------------------------------------------------

----- Forwarded by Timothy A Reed/GIS/CSC on 01/11/2006 08:04 AM -----

Timothy A Reed
/GIS/CSC To: hpux-admin@xxxxxxxxxxxxx
cc:
01/10/2006 12:00 Subject: syslog redirection(Document link: Timothy A Reed)
PM

I'm being asked to route syslog messages to a central server. I know how to
configure syslog.conf to do that. My question is: what happens if the
central server is down or the network is unavailable? Will the message
forwarding just be lost (on the central server) or will they queue up on
the local server for later delivery? Will any additional messages be logged
to the local server about the communication failure?

Thanks,
Tim

Thanks,
Tim Reed
Computer Scientist
Computer Sciences Corporation
treed21@xxxxxxx
---------------------------------------------------------------------------------------

Please note that this e-mail, including any attachments, contains
information that is subject to United States laws and regulations. The use
or further dissemination of these materials or information therein may be
prohibited by United States law.

----------------------------------------------------------------------------------------

This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
----------------------------------------------------------------------------------------

--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@xxxxxxxxxxxxx
Name: hpux-admin@xxxxxxxxxxxxx Owner: owner-hpux-admin@xxxxxxxxxxxxx

Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)

Prev by Date: [HPADM] syslog redirection
Next by Date: [HPADM] SUMMARY RE: Glance showing 100% disk I/O utilization incorrectly
Previous by thread: [HPADM] RE: Glance showing 100% disk I/O utilization incorrectly
Next by thread: [HPADM] SUMMARY RE: Glance showing 100% disk I/O utilization incorrectly
Index(es):
- Date
- Thread

Relevant Pages

Re: Need to implemet Syslog server
... >On my network I need to implement a Syslog server ... Pretty much everything but Windows will ... likely talk to syslog if told to, ... A great many other managed network devices support syslogging, ...
(Security-Basics)
Re: How to allow port 514?
... a packet filter allows traffic into the server itself. ... If you want to run your syslog on the server you would use a packet filter. ... In ISA Policy Elements, right click Protocol Definitions, ... in Publishing, right click Server ...
(microsoft.public.windows.server.sbs)
RE: Syslog Server on Debian Etch
... Syslog was working fine on the clients, I had it installed to a diff ... Is anyone else monitoring Juniper Netscreen firewalls? ... Syslog Server on Debian Etch ...
(Debian-User)
SUMMARY: forwarded syslog messages are missing originating hostname
... I am running Solaris 9 with the latest_recommended. ... to send their syslog messages to a central server, ... as a relay server to forward all syslog messages to a third server. ... originating servers hostname and state that they are only from the relay ...
(SunManagers)