How to configure rsyslog queues to multiple remote servers

Solution Verified - Updated -

Issue

  • Slowing down machine if syslog server not available
  • We had an issue where the syslog was slowing down a machine because one of the syslog servers was not available.
  • Currently we forward everything to 2 syslog servers with the following rules
     *.*             @@loghost1.example.org
     *.*             @@loghost2.example.org
  • What would be the best solution to prevent the system from slowing down? I was thinking of using queues.
   $WorkDirectory /var/spool/rsyslog 
   $ActionQueueType LinkedList     
   $ActionQueueFileName rsyslog 
   $ActionResumeRetryCount -1 
   $ActionQueueSaveOnShutdown on 
   $ActionResumeInterval 10
   $ActionQueueSize 50000 
   $ActionQueueDiscardMark 40000 
   $ActionQueueHighWaterMark 40000  
   $ActionQueueCheckpointInterval 100
   $ActionQueueMaxDiskSpace 2g
   $ActionQueueTimeoutEnqueue 10
   $ActionQueueDiscardSeverity 0
  • Is there better ways to solve this issue?
  • We don't like to use disk queues but just memory.
  • I guess I still need to define the QueueFileName as I have to use 2 different queues.
  • How can I prevent from dumping to disk?

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • rsyslog

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content