2

For redundancy, every host in our distributed network sends its syslog messages to two dedicated rsyslog-nodes. These in turn send syslogs to a central graylog instance:

    / rsyslog \
host           --> graylog  
    \ rsyslog /

Now every log-message gets duplicated!

Question: How can we keep the redundancy but remove duplicates? Does fluentd have a way to deal with this? Or any other opensource software designed to aggregate log-messages? We do not want to include much more complexity to the whole setup, but inserting one additional component is fine.

4

1 回答 1

0

AKAIK,没有内置重复数据删除消息的开源软件,因为这些要求是特定于应用程序的。我们可以用主节点实现这样的消息处理,但它存在性能/可扩展性问题。

我们有几种方法来放松问题。

于 2015-03-02T19:40:50.667 回答