forward fail over not working ....

General discussions here

Moderator: rgerhards

Google Ads


forward fail over not working ....

Postby jdeich » Fri Nov 10, 2017 4:52 pm

( Posing here looking for help was not getting help in "configuration" )

We have an rsyslog use case where we use the configuration
snipet below in /etc/rsyslog.d/web-audit.conf

module(load="imfile" mode="inotify")

$template NPACFMT,"%msg% type=%syslogtag%"


ruleset(name="GENERAL") {
action(type="omfwd" Target="server01" Port="514" Protocol="tcp"
Template="NPACFMT")


action(type="omfwd" Target="server02" Port="514" Protocol="tcp"
Template="NPACFMT"
action.execOnlyWhenPreviousIsSuspended="on")

stop
}

input(type="imfile"
File="/logs/jboss/some_log_file.log"
Tag="general"
ruleset="GENERAL")

more file monitored below
.
.
.

<EOF>

The issue is is the fail-over in the rule set above. Which is
designed fail-over deliver to server02 when server01 is down.

The ports on these servers are tcp syslog ports to splunk heavy
forwarders on server01 and server02. Normal deliver works fine.
Fail-over delivery work fine as long as it is triggered by
shutting down the receiving splunk application.

_The problem comes if server1 fails or is rebooted. When these
server level failures happen, the fail-over to server2 does not
occur and delivery stops_. We think this may be due to the receiving
syslog port not shutting down neatly in tcp.

This post may be a good description of our issue:
http://lists.adiscon.net/pipermail/rsys ... 27912.html

We are using rsyslog 7.4.7 and don't seem to have 8+ version in our
repository and upgrading could present organizational issue.
We had want to use keep alive / heart beat testing, but it's not recognized.

Any help so our fail-over becomes more reliable with server issue would
be appreciated.
jdeich
jdeich
New
 
Posts: 2
Joined: Wed Oct 25, 2017 8:59 pm

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Google Ads


Return to General

Who is online

Users browsing this forum: No registered users and 1 guest

cron