I am utilizing HAProxy for TCP load balancing and my configuration is
(Keepalive Virtual IP -> HAProxy -> syslog-ng -> source_ip.log).
When receiving TCP payloads which are multi-line, the first line is
forwarded appropriately to the source IP log file and the rest of the payload
goes to a secondary file with the Virtual IP address, which means my logs
for those devices are split into 2 log files and the secondary file does
not contain the source.
Now the key is that when I remove HAProxy from the equation and only
utilize (Keepalive Virtual IP -> syslog-ng -> source_ip.log), I only have 1
file per source and even the multi-line is added to the appropriate source
file.
Wondering if anyone has experienced this issue and how they resolved it.
Any help would be greatly appreciated.
Sincerely,
Michael