Hi, It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us. These relay devices just need to be "dumb" forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates. I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur. Any recommendations / experience? This needs to scale to ~1,500 devices. Thanks, Sam
The free Kiwi Syslog Server will do this. Josh -----Original Message----- From: Sam Stickland [mailto:sam_mailinglists@spacething.org] Sent: Wednesday, March 04, 2009 3:52 AM To: NANOG list Subject: SNMP and syslog forwarders Hi, It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us. These relay devices just need to be "dumb" forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates. I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur. Any recommendations / experience? This needs to scale to ~1,500 devices. Thanks, Sam
Sam Stickland writes:
It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us.
You can try the UDP samplicator: http://www.switch.ch/network/downloads/tf-tant/samplicator/ (The name indicates that it can also sample packets, but that is just an option that can be ignored for your application.)
These relay devices just need to be "dumb" forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates.
There is one complication with SNMP traps and also with typical Syslog packets: The IP source address carries important information that is not carried in the payload. So it's not sufficient for the relay to simply re-send the UDP datagrams without loss of information. Samplicator handles this with an option to spoof the IP source address when it resends the packets. (With this option, it must run as root, and you will have to drill holes in the ingress filters that you hopefully have even for your own servers. :-)
I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur.
Not commercial, sorry. Maybe someone can sell you support for it (or life insurance). I should probably put it up on a code hosting service so that the community can maintain it.
Any recommendations / experience? This needs to scale to ~1,500 devices.
Shouldn't be a problem. The main trick is to ensure that the forwarder's UDP receive buffers are large enough to handle bursts that might arrive while the forwarder/server is catching its breath. Samplicator lets you tune this socket buffer size. -- Simon.
you can easily configure syslog-ng for forwarding/relaying syslog msgs to another box On Wed, Mar 4, 2009 at 1:51 AM, Sam Stickland <sam_mailinglists@spacething.org> wrote:
Hi,
It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us.
These relay devices just need to be "dumb" forwarders (we don't require any filtering or storing, just reflection), but we need an HA pair (across two sites) without creating duplicates.
I have the coding skills to make this myself, but as coding skills come and go in our network team, we are looking for a commerical product so it will continnue to work after I get: hit by a bus / amnesia / visions of grandeur.
Any recommendations / experience? This needs to scale to ~1,500 devices.
Thanks,
Sam
participants (4)
-
Christian Koch
-
Sam Stickland
-
Simon Leinen
-
Stephens, Josh