1
response

I have a NXLog service running in Windows Server shipping event logs. It has 2 destinations, 1 is TCP sending logs to syslog_ng and another is GLEF UDP.

When my syslog_ng server goes offline, the logs I'm receiving at the GLEF UDP output also stops. Is there any way to make NXlog send the logs to the other output/route even if one output/route fails?

Config:

​
    Module      om_tcp
    Host        192.168.1.11
    Port        25002
    Exec        to_syslog_snare();
 
    Module      om_udp
    Host        192.168.1.12
    Port        51416
    OutputType  GELF

    Path        in => out

    Path        in => analyze

 

AskedJanuary 6, 2017 - 1:35pm

Answer (1)

NXLog doesn't send to the UDP destination because of flow-control which is enabled by default. It is possible to disable FlowControl. Note that in this case messages will be lost during the time the tcp connection is down. You could add pm_buffer instead so that your messages are kept in a local buffer during that time and once your syslog-ng is reachable everything will be sent.