Nagios Support Forum

Can the log server be setup as a split setup. (example: can I have a collector is one location, that forwards all the collected logs to the Log Server that resides at a second location). Basically a satellite location log collector sending to the main Log server instance(s) at a corporate location.

Technically speaking, I believe logstash has the capability. However, this isn't the normal use case that we see, and NLS does not have the option for this built in.

With that said, I've seen customers simply forward all of their logs to a rsyslog server which then forwards to the NLS machine at x location.

The primary concern with the satellite site is space. So something to collect the logs for transmission to the NLS back at the corporate site would be ideal. Just wasn't sure if there was a way to spilt the NLS up to perform this or if we needed to employ another part, like the rsyslog you mentioned.

You can configure multiple outputs within NLS. You could have the machine in the satelite location configured with an output that ships all of it's data to the corporate location. Then the satelite location has access to all of it's local events and the corporate location gets a copy of them as well.

If the satellite location doesn't care to review the local events or do reporting, you could also use an rsyslog forwarder as @rkennedy mentioned. All the data would then be retained at the corporate location.

Thanks for the replies. Seems like a good thing to think about for NSL or to add some sort of forwarder feature.
This post can be closed for any future replies.