1
answer

I have a NXLog service running in Windows Server shipping event logs. It has 2 destinations, 1 is TCP sending logs to syslog_ng and another is GLEF UDP.

When my syslog_ng server goes offline, the logs I'm receiving at the GLEF UDP output also stops. Is there any way to make NXlog send the logs to the other output/route even if one output/route fails?

Config:


Module om_tcp
Host 192.168.1.11
Port 25002
Exec to_syslog_snare();

Module om_udp
Host 192.168.1.12
Port 51416
OutputType GELF

Path in => out

Path in => analyze

 

AskedJanuary 6, 2017 - 1:35pm

Answer (1)

NXLog doesn't send to the UDP destination because of flow-control which is enabled by default. It is possible to disable FlowControl. Note that in this case messages will be lost during the time the tcp connection is down. You could add pm_buffer instead so that your messages are kept in a local buffer during that time and once your syslog-ng is reachable everything will be sent.

 

AnsweredJanuary 8, 2017 - 4:18pm