syslog-ng multiple destinations

CobbLiu · Jan 26, 2015 · Viewed 12k times

We are using syslog-ng to send an access-log file to remote servers via TCP. I already know that multiple destinations can be configured to do this job, like this:

source s_xxx { file("/xxx/access.log"); };
destination d_one {tcp("1.2.3.4", port(1234));};  
destination d_two {tcp("1.2.3.5", port(1234));};
log {source(s_xxx); destination(d_one); destination(d_two);};

What I am trying to figure out is how to poll my content to these two destinations (such as round-robin). In other words, my content is sent to either d_one or d_two, not both of them.

Thanks very much.

Answer

Leo · Dec 9, 2015

My scenario is very similar: I have a syslog-ng collector that forwards messages to an analytic application. It became overloaded and I needed to split the load. I have no requirement for traffic on which to filter and I did not want to maintain a list of types. I simply wanted to round-robin message by message, as you are seeking. I decided to use mod (%) to achieve this.

Syslog-ng OSE v3.7.2:

destination d_net_qr1 { network("ip1"); };
destination d_net_qr2 { network("ip2"); };

filter f_qr1     { "$(% ${RCPTID} 2)"  eq "0"  };
filter f_qr2     { "$(% ${RCPTID} 2)"  eq "1"  };

log { source(s_net); filter(f_qr1); destination(d_net_qr1); };    
log { source(s_net); filter(f_qr2); destination(d_net_qr2); };
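
The same modulo split extended to three destinations, written out as a complete configuration; this is an added example, not part of the answer above. It assumes the `use-rcptid(yes)` global option is needed for `${RCPTID}` to be populated. The source definition, ports and 192.0.2.x addresses are constructed placeholders, and the `flags(final)` catch-all path is an addition that keeps messages from being lost when no filter matches.

```conf
@version: 3.7

# Assumption: RCPTID is only filled in when this global option is on.
options { use-rcptid(yes); };

# Constructed source; the answer's s_net definition is not shown on the page.
source s_net { network(transport("tcp") port(5514)); };

# Placeholder addresses from the documentation range (192.0.2.0/24).
destination d_net_qr1 { network("192.0.2.11" transport("tcp") port(514)); };
destination d_net_qr2 { network("192.0.2.12" transport("tcp") port(514)); };
destination d_net_qr3 { network("192.0.2.13" transport("tcp") port(514)); };

# Remainder of the reception ID divided by the number of destinations.
filter f_qr1 { "$(% ${RCPTID} 3)" eq "0" };
filter f_qr2 { "$(% ${RCPTID} 3)" eq "1" };

# flags(final) ends processing once a path has matched, so each message
# reaches exactly one destination.
log { source(s_net); filter(f_qr1); destination(d_net_qr1); flags(final); };
log { source(s_net); filter(f_qr2); destination(d_net_qr2); flags(final); };

# Catch-all: remainder 2, plus anything the filters above did not match
# (for example an empty RCPTID), so no message is silently dropped.
log { source(s_net); destination(d_net_qr3); };
```

The split only balances message counts; it does not fail over, so a destination that is down still owns its share of the traffic until it returns.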