An existing solution for transferring logs from webclusters to a logging host was updated for stability and flexability. The original solution used syslog-ng to transfer weblogs to a central syslog-ng host.
The solution was updated to:
- Cater for rsyslog aswell as syslog-ng
- Transfer ALL system logs to the central host
- Use a 2-node heartbeat/drbd cluster per datacentre for redundancy
- Hold customer data for specific time periods (as opposed to indefinitely)
- Transfer data to a final unified destination for log analysis