ian diddams
2014-12-18 16:44:00 UTC
We have a central syslog server, A (Linux, CentOS 5.7), which has historically acted as a central syslog server for several other servers. It runs syslog. We have also tried rsyslog.
There is a new requirement from an external agency that we need to gain acceptance from to have a second syslog server, B (Linux, CentOS 6.6) doing exactly the same thing, i.e. we end up with two syslog servers. This is fine in itself.
However... each syslog server needs to log its own logging to the other. So events on A get logged on B, and B's get logged on A.
The problem we have discovered is that when A logs its own (A's) events on B, B then interprets that as a logged event local to B - so logs it on A! Which then reciprocates and ... you're there I am sure... interprets that as a logged event on A and so logs it back to B. So we end up in a horrible loop of exponentially increasing logs.
The external agency insists this is done, and that "everybody else" does it... but offers no suggestions as to how to achieve this. We are stuck now...
Does anybody have any ideas/solutions as to how several servers can log to A & B, and A & B log to each other, without everything arriving on either A & B also being relogged on the other continually?
cheers
Ian
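Added example, not part of the original post: a configuration fragment for server A showing the loop-prone forwarding rule next to one that forwards only messages generated on A itself. It assumes rsyslog with legacy directive syntax, and `loghost-b.example.com` is a placeholder for server B; B would carry the mirror-image rule pointing at A.

```conf
# /etc/rsyslog.conf on server A (legacy rsyslog syntax)
# loghost-b.example.com is a placeholder name for server B.

# Accept syslog over UDP from the client servers and from B.
$ModLoad imudp
$UDPServerRun 514

# Loop-prone rule: the selector matches every message rsyslog processes,
# including those just received from B, so they are relayed straight back.
#*.*    @loghost-b.example.com:514

# Forward only messages that originated on this host. rsyslog sets the
# fromhost-ip property to 127.0.0.1 for local inputs (imuxsock, imklog),
# so anything received over the network is not relayed.
:fromhost-ip, isequal, "127.0.0.1"    @loghost-b.example.com:514

# Local storage is unchanged: local and received messages are both written.
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
```

With this filter on both servers, clients still send to A and B directly, and each server receives the other's own events exactly once.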