Michael B Posted October 31 Posted October 31 I've been asked about setting up a new VIP to LB some Cribl servers acting as syslog collectors for various devices on the network. This includes our firewalls so there will be a Lot of UDP connections going through this. I'm wondering if others out there have any experience with load balancing syslog traffic? Anything to watch for or gotchas? Also, I see there is two protocols to choose from, SYSLOGUDP/SYSLOGTCP for the Vserver and service, but I can't find any documentation to describe if handles the traffic differently and/or the benefit vs just setting up TCP vserver? Any thoughts or feedback is appreciated.
Solution Nicola Campaci Posted November 19 Solution Posted November 19 (edited) Hi @Michael B Balancing syslog servers is no different from balancing any other service. Generally, the most commonly used protocol is UDP because it’s a connectionless datagram protocol. However, using TCP for syslog requires support both on your syslog servers and on the devices that will send the syslog events. TCP is a protocol with traffic control that, depending on latency or interference, retransmits any lost packets. As you’ve confirmed, the service will receive a large number of logs, and in my opinion, UDP is highly efficient. However, the downside is that messages might be lost in cases of bandwidth saturation or connectivity flaps (though this has never happened to me). With UDP, you’ll only need to use the ping monitor. Here’s an example of a syslog UDP load balancer configuration: #SERVERS add server srv-syslog01 192.168.0.1 add server srv-syslog02 192.168.0.2 #SERVICEGROUP add serviceGroup sg_syslog_network_UDP_514 UDP bind serviceGroup sg_syslog_network_UDP_514 -monitorName ping bind serviceGroup sg_syslog_network_UDP_514 srv-syslog01 514 bind serviceGroup sg_syslog_network_UDP_514 srv-syslog02 514 #LBVSERVER add lb vserver syslog_network_UDP_514 UDP 192.168.0.3 514 bind lb vserver syslog_network_UDP_514 sg_syslog_network_UDP_514 Edited November 19 by Nicola Campaci
Michael B Posted November 19 Author Posted November 19 Thanks @Nicola Campaci I was thinking UDP but typed TCP lol.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now