Is there any way we can get the logs in the timeperiod when the server is down?

dduke

Hi All, I need some info , I'm trying to migrate existing syslog server to cribl stream , I have a doubt if the cribl server shuts down for any reason , Is there any way we can get the logs in the timeperiod when the server is down. Note : I'm having only one syslog server.

xpac xpac

With a single box, no, it's the same as with your current Syslog server. If the service is down, logs usually get lost because most Syslog sources can't buffer

dduke

is there way so that we can get all the data with single server

xpac xpac

No, you will always have the potential of loss. Even with multiple servers, and a load balanced solution, you might run into data loss. Engineering a completely lossless solution is a lot harder than it sounds

dduke

thanks for the response. In your opinion what is the ideal solution to collect syslog data using cribl.

xpac xpac

Well, I'd still use Cribl. You can use multiple workers plus load balancer to reduce the chance of loss.

dduke

thanks.

David Maislin

https://cribl.io/blog/syslog/ is a three part blog on this very topic.