Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Question How to design a reliable tcp based syslog system.

    Problem Question:
    I have a network device which is configured to send all its system logs to a tcp based Syslog server. This arrangement works fine if nothing unexpected happens at syslog server end. But what if the link goes down?
    What will happen to all the messages that is already present in retransmission queue (which are nothing but system logs) of tcp socket? How can my application running on network device can know what all logs have failed to reach the server?
    I f I am not wrong, communication between tcp layer and application layer is asynchronous.
    Is there any way to make it synchronous i.e application level acknowledgment between application itself and tcp layer?

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Hi and welcome

    You are right, with the regular syslog daemon it is not guaranteed that all client logs will reach the server.
    So if the server has an issue or there is an network outage, then logs will be lost.

    Depending on your usecase this may or may not be a problem.
    In a maintained and monitored network outages are minimal in my experience.

    Also, network appliances will usually offer no more than a regular syslog daemon, so your options are limited anyway.

    For the record:
    A very stable, reliable and verified logging can be implemented via Features rsyslog
    You will need it on both client and server, plus the initial setup time is higher compared to the regular syslog.
    You must always face the curtain with a bow.

  3. #3
    Hi lrithori,

    Thanks for the response. Got your point.

  4. $spacer_open

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts