Jump to content

LB VIP for syslog used by other devices


Go to solution Solved by Nicola Campaci,

Recommended Posts

Posted

I've been asked about setting up a new VIP to LB some Cribl servers acting as syslog collectors for various devices on the network.  This includes our firewalls so there will be a Lot of UDP connections going through this.  I'm wondering if others out there have any experience with load balancing syslog traffic?  Anything to watch for or gotchas?
Also, I see there is two protocols to choose from, SYSLOGUDP/SYSLOGTCP for the Vserver and service, but I can't find any documentation to describe if handles the traffic differently and/or the benefit vs just setting up TCP vserver?

Any thoughts or feedback is appreciated.

  • 3 weeks later...
  • Solution
Posted (edited)

Hi @Michael B


Balancing syslog servers is no different from balancing any other service.

Generally, the most commonly used protocol is UDP because it’s a connectionless datagram protocol. However, using TCP for syslog requires support both on your syslog servers and on the devices that will send the syslog events. TCP is a protocol with traffic control that, depending on latency or interference, retransmits any lost packets.

As you’ve confirmed, the service will receive a large number of logs, and in my opinion, UDP is highly efficient. However, the downside is that messages might be lost in cases of bandwidth saturation or connectivity flaps (though this has never happened to me).

With UDP, you’ll only need to use the ping monitor.

Here’s an example of a syslog UDP load balancer configuration:

#SERVERS
add server srv-syslog01 192.168.0.1
add server srv-syslog02 192.168.0.2

#SERVICEGROUP
add serviceGroup sg_syslog_network_UDP_514 UDP 
bind serviceGroup sg_syslog_network_UDP_514 -monitorName ping 
bind serviceGroup sg_syslog_network_UDP_514 srv-syslog01 514 
bind serviceGroup sg_syslog_network_UDP_514 srv-syslog02 514

#LBVSERVER
add lb vserver syslog_network_UDP_514 UDP 192.168.0.3 514 
bind lb vserver syslog_network_UDP_514 sg_syslog_network_UDP_514 

 

Edited by Nicola Campaci

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...