You should send the syslog to a syslog server that is collecting/receiving it and writing it to the needed files, and then have a universal forwarder read those files and load balance them to the cluster. Syslog does not do auto load balancing, and you will end up with duplicates in your indexes that you will have to manually take care of.
We create a syslog-ng cluster for redundancy, and they are also intermediate forwarders that all the deployment clients load balance against; they are then the only ones that can connect to our indexers from external areas.
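A minimal sketch of the universal forwarder side of that layout, added here as an illustration and not taken from the posts in this thread. It assumes the syslog server writes one directory per sending host under `/var/log/remote/`; the indexer host names, the port, and the index name are placeholders.

```ini
# ---- inputs.conf (on the syslog server running the universal forwarder) ----
# Read the files the syslog daemon writes, e.g. /var/log/remote/<host>/messages.log
# (assumed layout). host_segment = 4 takes the 4th path segment as the host field,
# so events keep the original sender's name rather than the syslog server's.
[monitor:///var/log/remote/*/*.log]
sourcetype = syslog
host_segment = 4
# Placeholder index name; it must already exist on the indexers.
index = network
disabled = false

# ---- outputs.conf (same forwarder) ----
[tcpout]
defaultGroup = primary_indexers

# Listing several indexers in one group makes the forwarder load balance
# across them; it switches targets every autoLBFrequency seconds.
[tcpout:primary_indexers]
# Placeholder host names and receiving port.
server = idx1.example.internal:9997, idx2.example.internal:9997, idx3.example.internal:9997
autoLBFrequency = 30
```

Because the forwarder tracks its read position in each file, a restart of the forwarder or a brief indexer outage resumes from where it left off instead of dropping the syslog traffic received in the meantime.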
Hello,
We have configured a syslog server but are looking for solutions to make it highly available. Can you provide some direction on that? Currently I am looking into HA Proxy and Pacemaker.
Thanks
Hemendra