Hi All,I need some info , I'm trying to migrate existing syslog server to cribl stream , I have a doubt if the cribl server shuts down for any reason , Is there any way we can get the logs in the timeperiod when the server is down.Note : I'm having only one syslog server.
Page 1 / 1
With a single box, no, it's the same as with your current Syslog server. If the service is down, logs usually get lost because most Syslog sources can't buffer
is there way so that we can get all the data with single server
No, you will always have the potential of loss. Even with multiple servers, and a load balanced solution, you might run into data loss. Engineering a completely lossless solution is a lot harder than it sounds
thanks for the response. In your opinion what is the ideal solution to collect syslog data using cribl.
Well, I'd still use Cribl. You can use multiple workers plus load balancer to reduce the chance of loss.
thanks.
https://cribl.io/blog/syslog/ is a three part blog on this very topic.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.