Multiple syslog server support
BMC AMI Defender and CZASEND can support multiple destination syslog servers (subject to memory constraints). You can code multiple alternative server IP addresses for these servers. All SERVER parameter specifications, except for the PROTOcol specification, must be the same for all server IP addresses. Therefore, the TRANSport specification (UDP or TCP) and maximum message length applies to all IP addresses. For more information, see SERVER statement.
The treatment of multiple server IP addresses differs depending on whether you specify UDP or TCP (including SSL and TLS):
- UDP—BMC AMI Defender and CZASEND send all syslog messages to all of the specified addresses. The order in which they are specified is not significant.
- TCP, SSL, and TLS—If BMC AMI Defender or CZASEND receives an IP error when communicating with the primary syslog server, it switches to the first alternative, then the second, and so on. The product issues console and CZAPRINT messages documenting the switch.
The order of ALTERNate specifications is significant: the first becomes alternative 1, the second becomes alternative 2, and so on. BMC AMI Defender tries them in that order and validates the connectivity to each server address on startup.
When you refresh a parameter file, the product first tries to connect to the server with which it had the last connection based on the server address, not the server number.
TCP/IP error recovery
When a syslog protocol TCP/IP error occurs, BMC AMI Defender cannot determine how many messages were not delivered except for the message it just tried to send (that is usually also not delivered).
BMC AMI Defender supports the SERVER parameter REXMIT(n) specification, where n defaults to 2 and can have any value from 1 through 20 (where 20 is an arbitrary reasonableness check). If BMC AMI Defender encounters a TCP/IP session failure and starts a new session with an alternate server IP address, it retransmits the same number of preceding messages.
To prevent duplicates, specify REXMIT(1). If you can tolerate duplicates but want to minimize the number of messages that are lost due to an error, specify REXMIT(20). The default specification, REXMIT(2), is a compromise between the two extremes.