We want to take our single and lonely logserver down for maintenance. For now, there is no companion server in a cluster. Once this logserver goes down, there will be no place for the remote agents to send their logs. The question is, what will happen to the logs while our logserver is offline?
- Will the events occurring during this interval be lost? Hope not.
- Will they be queued up and resume sending when the logserver goes back online? Hope so.
- Since we're using TCP connections between the agents and the logserver, will the agents suffer congestion/constipation--holding their events in some huge buffer while waiting for the logserver to return to service?
Both types of our server senders (RHEL 6 and Ubuntu 12.04) are running Version 3.21.1 of the rsyslogd agent. So far, the Nagios logserver environment has been great--both reliable and useful. Is this enough information?
rsyslog will queue messages up to a point. That point is memory dependent. When it gets full, it blocks. This is the same as writing to local log file and running out of disk space. You can tell rsyslog to drop new messages if the queue fills up and/or to start queuing to local disk. Both of which are explained in rsyslog search engine results and beyond the scope of Nagios Log Server support.
