Design: strict network design with multiple security zones, nxlog client on all Linux servers forward logs to local zone Collector (nxlog listen on 0.0.0.0 port 514), zone collectors forward to single master collectors, master collectors dump all incoming into a dump file for long time storage + forward to a SIEM.
This has worked OK for a year, albeit with a few glitches, but recently we have experienced that the Master collectors stop writing to dump file (apparentely at random), yet the nxlog service remains up and running. Fix is to restart the nxlog service.
All collectors have defined buffers - could there something wrong with that part of the setup?
All suggestions are welcome :)