On Mon, 14 Sep 2015, Kaushal Shriyan wrote:

> Hi,
>
> I have been reading rsyslog documentation for setting up rsyslog client
> server configurations. I am not sure if I understand the sentence "A Linux
> host running rsyslog can send all or individual logs to another rsyslog
> host over a TCP or UDP connection."
>
> I will appreciate if someone can help me understand in what context I
> should use TCP or UDP.

UDP is fire-and-forget: if there is a network problem, or the destination is
down, the sender doesn't know about it and the message will be lost.

TCP will handle some network interruptions and still get the message through,
but can still lose messages if the connection is cut or the destination system
reboots. TCP has the disadvantage that if the receiving system is having
problems, the sending system will keep all the messages it's trying to send, and
if the sending system runs out of queue space, the sending system will stop
(unable to log in, whatever service is attempting to write logs will stop, etc).

RELP handles far more types of errors, but has the same type of problem that TCP
can have when things go wrong.

If you are sending to a system on the same network, I recommend using UDP. If
you are sending things through a bottleneck, you should look at TCP or RELP, but
keep the drawbacks in mind and set up appropriately sized buffers.

I recommend that everything send its logs to a local relay box, and that relay
box be configured for the reliable delivery to remote systems. That way your
queue/reliability settings only need to happen on the relay boxes (you do make
them HA, right?), not on every system.

David Lang
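
The relay layout recommended above, sketched as rsyslog configuration. This is an added example, not part of the original message: the host names, file paths, RELP port and queue sizes are assumptions to adapt to your environment.

```conf
# ---- On every host: /etc/rsyslog.d/50-forward.conf (assumed path) ----
# Fire-and-forget UDP to the relay on the same network. A relay outage
# cannot stall local services; messages sent during the outage are lost.
*.* action(type="omfwd" target="relay.example.internal" port="514" protocol="udp")

# ---- On the relay: /etc/rsyslog.d/50-relay.conf (assumed path) ----
# Directory where disk-assisted queue files are written.
global(workDirectory="/var/spool/rsyslog")

# Receive from the local hosts.
module(load="imudp")
input(type="imudp" port="514")

# Reliable forwarding to the remote collector, with a bounded buffer:
#   action.resumeRetryCount="-1"  keep retrying while the collector is down
#   queue.type="LinkedList"       dedicated queue for this action only
#   queue.size                    messages held in memory (constructed value)
#   queue.filename                naming a spool file makes the queue disk-assisted
#   queue.maxDiskSpace            cap on what may spill to disk (constructed value)
#   queue.saveOnShutdown="on"     keep queued messages across a relay restart
#   queue.timeoutEnqueue="0"      when the queue is full, discard new messages
#                                 instead of blocking the relay's inputs
# Swap omrelp for omfwd with protocol="tcp" if the collector does not run imrelp.
module(load="omrelp")
action(type="omrelp"
       target="central.example.internal" port="2514"
       action.resumeRetryCount="-1"
       queue.type="LinkedList"
       queue.size="100000"
       queue.filename="fwd_central"
       queue.maxDiskSpace="2g"
       queue.saveOnShutdown="on"
       queue.timeoutEnqueue="0")
```

Size `queue.size` and `queue.maxDiskSpace` from your message rate multiplied by the longest collector outage you need to ride out; once both are exhausted, the relay drops new messages rather than stopping.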
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog