0

Is there a syslog server that syncs logs from remote machines even if the machines lose connection or the server loses connection?

It is less likely that the server will lose connectivity, but if remote machines work on a really flaky 3G or Wi-Fi connection, then it is possible that they will lose connection from time to time.

Is there any syslog server that will check to see if any log messages have been missed and sync after the connection gets established?

valentt

1 Answer

1

Whether this is even possible will depend on the implementation of SYSLOG on the sending machine. Syslog messages are commonly sent in UDP datagrams as covered by RFC5426, which does not guarantee reliable delivery and would make it impossible for a syslog server to do what you suggest.

RFC3195 covers possible methods for reliable delivery, but would need to be implemented at both ends.

The wide latitude in what constitutes a valid SYSLOG message (many fields are optional) would make it difficult, if not impossible, for a receiving system to detect missing messages. Message format is defined in RFC5424.

Community
  • It looks like syslog-ng has an application-level protocol called RLTP (Reliable Log Transfer Protocol), which could be the answer I'm looking for. Here is the video where I first saw it - http://www.youtube.com/watch?v=2Mx63-7-33o#t=84 It looks like RLTP is available only in syslog-ng Premium Edition: http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/features/comparison – valentt Jan 19 '14 at 20:05
  • 1
    If you don't exactly *need* the syslog protocol, just use a generic message queue. – Ivan Voras Jan 19 '14 at 20:51
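
To illustrate the answer's point about optional fields, here is an added example (not code from the answer or from any syslog implementation) of a receiver-side check that relies on the optional `sequenceId` parameter of the `meta` structured-data element in RFC 5424. It can report lost ranges only for senders that include that field; the host names and log lines are constructed, and `find_gaps` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
HEADER = re.compile(r"^<\d{1,3}>1 \S+ (\S+) \S+ \S+ \S+ (.*)$", re.S)
# Leading run of SD-ELEMENTs. Simplification: an escaped "\]" in a value is not handled.
SD_RUN = re.compile(r"^(?:\[[^\]]*\])+")
SEQ_ID = re.compile(r'\[meta (?:[^\]]* )?sequenceId="(\d+)"')
SEQ_MAX = 2147483647  # RFC 5424 section 7.3.1: sequenceId wraps to 1 after this


def find_gaps(lines):
    """Return (gaps, resets, untracked) for an iterable of received messages."""
    last, gaps, resets, untracked = {}, defaultdict(list), defaultdict(int), set()
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue  # not RFC 5424 framing (for example legacy BSD syslog)
        host, rest = m.groups()
        sd = SD_RUN.match(rest)
        seq = SEQ_ID.search(sd.group(0)) if sd else None
        if not seq:
            untracked.add(host)  # optional field absent: loss cannot be detected
            continue
        cur, prev = int(seq.group(1)), last.get(host)
        if prev is not None:
            expected = 1 if prev == SEQ_MAX else prev + 1
            if cur > expected:
                gaps[host].append((expected, cur - 1))  # inclusive missing range
            elif cur < expected:
                resets[host] += 1  # sender restart, duplicate, or UDP reordering
        last[host] = cur
    return dict(gaps), dict(resets), untracked


# Constructed sample: sensor1 drops messages 3-5 and later restarts,
# sensor2 never sends a sequenceId.
SAMPLE = [
    '<34>1 2014-01-19T20:05:00Z sensor1 app 101 - [meta sequenceId="1"] boot',
    '<34>1 2014-01-19T20:05:10Z sensor1 app 101 - [meta sequenceId="2"] link up',
    '<34>1 2014-01-19T20:09:00Z sensor1 app 101 - [meta sequenceId="6"] link restored',
    '<34>1 2014-01-19T20:09:30Z sensor2 app 77 - - no sequence id',
    '<34>1 2014-01-19T20:12:00Z sensor1 app 101 - [meta sequenceId="1"] restarted',
]

if __name__ == "__main__":
    print(find_gaps(SAMPLE))
```

A reported gap only tells the operator that messages were lost; recovering them still needs a sender that buffers locally and retransmits.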