This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Syslog Processing & Potential Load Balancing

I have been thinking about the possibility of load balancing my syslogs between my primary NPM poller and my secondary polling engine.  By doing this if either one of those systems had to fail back to my hot-standby system all of the log would be automatically re-directed to the still functioning polling system.

I realize to do this I would need to turn on the syslog function on the secondary poller.  Aside from that, what other things would I have to do in order to get this to work?  Has anybody else done this before?

Also, are the syslog alerting rules stored and processed on the system that receives them?  In this case would I need to replicate all of my alerting and escalation rues for syslog on both systems?

I would really like to hear from somebody to find out if and how this may be possible, thanks in advance for any help on this!

Summary of my Questions:

  • Has this been done before and is it possible?
  • Where are the syslog alerting and escalation rules stored and processed?
    • Would I need to replicate these rules on both systems receiving syslogs?
  • Also, if this is possible with syslogs would this same concept also be possible for snmp traps?
  • Just wanted to post back, we are not ignoring you, we have the Dev team checking into this to ensure we provide you the proper answer.  Stayed tuned for a more complete response

  • Syslog rules are stored in the database. All polling engines (including hot-standby) will get the same set of rules from the database. Trap rules work the same way. Since all polling engines will be accessing the same database, there is no need for you to take any extra steps to replicate this configuration.

    So I think what you would need to do is set up something that can be the target of syslog and traps from all your devices and forward incoming syslog/traps on to the regular polling engine and the hot-standby. Orion can do this, but you may not want to set up a whole extra Orion instance just for this purpose. Our Kiwi Syslog Server product can do this for free for syslog messages. There's probably something out there lighter than Orion that can do it for traps, but I don't know of anything off the top of my head.

  • Tim

    Thanks for this information.  I was thinking about the possibility of using Windows Network Load Balancing with a front end IP that then load balanced between the different systems for traps and syslogs.  If I needed a more robust design I could potentially use a Foundry load balancer for this.

    One additional question I had was the possibility of bringing our Hot Standby System into the mix and load balancing across all three (main poller, additional poller, and Hot Standby) systems.  I see that the trap and syslog services exist on the Hot Standby, if I turn those services on will they pretty much function the same as on the other polling systems?

  • The Trap and Syslog services behave the same on hot standby as on regular polling engines. So sure, you could turn them on on your hot standby and include it in the load balancing mix.

  • Awesome, thanks for your feedback!