I am using syslog-ng to retrieve logs from a file to another host which is on the same network as the sender.
My configuration looks like this:
source file_source {
    file("/var/log/messages" follow-freq(2));
};
destination remote_host {
    network("remote_ip"
        transport("tcp")
        port(514)
    );
};
log {
    source(file_source);
    destination(remote_host);
};
In normal cases it works perfectly; however, the network is interrupted at some stages and this causes some logs to be missed. I tried to use TCP instead of UDP but it didn't help.
What is a good approach for having a reliable connection, forcing syslog-ng to keep track of arrived messages and retry new messages?
Thank you!
I tried to use TCP instead of UDP to mitigate the issue. But it didn't make any difference.