Ping a Specific Port

Question

Ali Mezgani

Asked: 2017-02-08 14:11:22 +0800 CST2017-02-08 14:11:22 +0800 CST 2017-02-08 14:11:22 +0800 CST

Upgrade the os of a syslog-ng or rsyslog server

772

I run a RHEL server with rsyslog to collect my network logs, and by receiving a security bulletin alert I have to upgrade this server.

What is the strategy to upgrade this machine, knowing that many other machine's logs depend on this and on an OS update may be we are faced of many reboots ?

what is the comportment of other machine when rsyslog is not running.

NB: I add that the syslog client are appliances, some kind of SMG. And As known is that the appliance are limited on configuration side and tunning parameters.

2 Answers

Voted

Robert Fekete · Answer 1 · 2017-02-08T23:48:03+08:00

Robert Fekete

2017-02-08T23:48:03+08:002017-02-08T23:48:03+08:00

in this case when you are maintaining your logserver, you have to find an alternative way to store your log messages. You can

install a new server and redirect log traffic to this server during the maintenance (depending on how you store your log messages, you might need to move the files from this server to the original)
have the clients store the messages during server maintenance: syslog-ng Open Source Edition 3.9 and supports diskbuffers that can store messages temporarily on disk if the server is not available. You could upgrade your clients to this version and configure disk buffering
If you don't want or cannot upgrade your clients, you can combine the two previous options, and create a relay that collects the messages from the clients and forwards it to the server, but uses disk buffer during the server outage.

1

HBruijn · Answer 2 · 2017-02-08T14:51:46+08:00

HBruijn

2017-02-08T14:51:46+08:002017-02-08T14:51:46+08:00

As always it depends...

The traditional syslog protocol, based on UDP, is best effort. If the remote syslog server is not able to receive the syslog events, the transmitting syslog server(s) can't detect that and during that period all transmitted events are lost and no attempt is made to transmit them again.

If both your syslog-ng and all your transmitting syslog server(s) use the more advanced TCP protocol version, they can detect that the remote syslog server has broken the connection. Depending on the syslog daemon events might be buffered and transmitted later...

0

Upgrade the os of a syslog-ng or rsyslog server

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?