Page 1 of 2
Load balancing NLS nodes
Posted: Mon Jun 15, 2015 1:46 pm
by stecino
Hello,
In my rsyslog forwarder rule I am currently pointing to an individual node to forward my logs to.
It is considered as single point of failure. If I replace this node (fqdn/IP address) with fqdn/IP address of an F5 VIP that points to the pool of 4 NLS nodes, will this work?
Theoretically this should work, just wanted to ask you guys first before I start setting things up
Thanks in advance.
Re: Load balancing NLS nodes
Posted: Mon Jun 15, 2015 1:54 pm
by jolson
This will work - but be sure not to re-write the source IP addresses of your sending hosts. If you re-write the IP addresses with the IP of your load-balancer, it will appear as if all of your logs are coming from the load balancer.
Re: Load balancing NLS nodes
Posted: Mon Jun 15, 2015 3:37 pm
by stecino
jolson wrote:This will work - but be sure not to re-write the source IP addresses of your sending hosts. If you re-write the IP addresses with the IP of your load-balancer, it will appear as if all of your logs are coming from the load balancer.
In what case will re-write happen?
Re: Load balancing NLS nodes
Posted: Mon Jun 15, 2015 3:39 pm
by jolson
It depends on the load balancer in question. It may or may not be default behavior - you will have to check your F5 balancer to find out.
Re: Load balancing NLS nodes
Posted: Mon Jun 15, 2015 3:56 pm
by stecino
jolson wrote:It depends on the load balancer in question. It may or may not be default behavior - you will have to check your F5 balancer to find out.
Got it, I will look into that
Re: Load balancing NLS nodes
Posted: Mon Jun 15, 2015 3:58 pm
by jolson
Sounds good. There's a very good discussion about this topic here if you'd like to read into it:
http://support.nagios.com/forum/viewtop ... 38&t=33005
Let us know what you find out. Thanks!
Best,
Jesse
Re: Load balancing NLS nodes
Posted: Mon Jun 15, 2015 4:10 pm
by stecino
Thanks I will look into it. I am also told that I have X-forwarding set on F5 it should pass the logsource IP trough. I will update you once implemented.
Re: Load balancing NLS nodes
Posted: Mon Jun 15, 2015 4:14 pm
by jolson
Sounds great! I look forward to your results.
In addition to what has been stated, you should be aware of the 'cluster hostname' setting - this will allow you to implement a consistent hostname across your instances, if that's something that you'd like to set while you're doing load-balancing.
2015-06-15 16_12_42-Global Settings • Nagios Log Server - Firefox Developer Edition.png
Re: Load balancing NLS nodes
Posted: Thu Jun 18, 2015 6:40 pm
by stecino
jolson wrote:Sounds great! I look forward to your results.
In addition to what has been stated, you should be aware of the 'cluster hostname' setting - this will allow you to implement a consistent hostname across your instances, if that's something that you'd like to set while you're doing load-balancing.
2015-06-15 16_12_42-Global Settings • Nagios Log Server - Firefox Developer Edition.png
So is this the fqdn of the VIP? I am not sure I follow.
Also I have setup the VIP, it's listening on 5544 port, profile is set to UDP. I updated one of the logsources, to point to the VIP. Datagram Stats for Recieved and Transmitted show that there is traffic, but Packets don't seem to be going out, as no more events are being recorded for that host. Something definitely being passed
Re: Load balancing NLS nodes
Posted: Fri Jun 19, 2015 10:57 am
by jolson
Say you have a DNS name that resolves to all of your NLS boxes - nls1.nagios.local resolves to 192.168.1.1 -or- 192.168.1.2 -or- 192.168.1.3.
At this point, you would set the 'cluster hostname' to 'nls1.nagios.local'. This will configure all of the nodes in your cluster to be aware of that dns name - it will also set your alert messages to point to nls1.nagios.local instead of the default 127.0.0.1.
Does that make sense?
Also I have setup the VIP, it's listening on 5544 port, profile is set to UDP. I updated one of the logsources, to point to the VIP. Datagram Stats for Recieved and Transmitted show that there is traffic, but Packets don't seem to be going out, as no more events are being recorded for that host. Something definitely being passed
Are the packets from this host showing up on any of the NLS nodes? You can run a tcpdump to verify:
Code: Select all
yum install tcpdump
tcpdump -n host 192.168.x.x and dst port 5544
Where 192.168.x.x is the IP address of the sending host. You should run the above commands on each NLS node and see whether any of them are receiving traffic from the host in question.