Redundancy using multiple syslog destinations at agent


The most basic type of redundancy is available in the special case where syslog sources (such as BMC Defender Agent for Windows) can be configured with multiple destination addresses. With this type of redundancy, each syslog source simply forwards its data to two different addresses. This requires that the syslog sources can be configured to send data to more than one syslog receiver or client, which might not always be the case.

For those sites that are using the BMC Defender Windows and UNIX agents, you can configure the agent AuxAddress value (in the agent configuration file) so that syslog data is sent to two different servers.

[Image: an agent sending the same syslog data to two different servers]

As shown in the image, both servers receive the same data. Using this technique, the two servers can be in different data centers, and one server can optionally be designated as the Master server. All data is reflected on both servers so that no data is lost.

This type of configuration is especially suitable for Disaster Recovery situations, where a disaster at one data center does not affect the security posture of another data center, and all log data is completely recoverable (since the data is reflected at a completely different site).
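A check for the statement that both servers hold the same data, as an added example that is not part of the BMC documentation: it compares syslog lines exported from the two receivers and reports messages present on one side but not the other. The RFC 3164-style line format, the host names and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumed export format (RFC 3164 style): "<PRI>Mmm dd hh:mm:ss host message"
LINE_RE = re.compile(
    r"^<\d{1,3}>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

def parse(lines):
    """Return (Counter keyed by (ts, host, msg), list of unparseable lines)."""
    seen, bad = Counter(), []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            bad.append(line)  # keep malformed input visible instead of dropping it
            continue
        seen[(m["ts"], m["host"], m["msg"])] += 1
    return seen, bad

def reconcile(primary_lines, aux_lines):
    """Compare both captures as multisets, so repeated identical
    messages are counted rather than collapsed into one."""
    primary, bad_p = parse(primary_lines)
    aux, bad_a = parse(aux_lines)
    return {
        "missing_on_aux": sorted((primary - aux).elements()),
        "missing_on_primary": sorted((aux - primary).elements()),
        "unparseable": bad_p + bad_a,
        "in_sync": primary == aux and not bad_p and not bad_a,
    }

# Constructed sample captures (not real log data).
PRIMARY = [
    "<38>Mar 21 10:30:27 ws01 Security: logon failure for user alice",
    "<38>Mar 21 10:30:27 ws01 Security: logon failure for user alice",
    "<38>Mar 21 10:30:29 ws01 Security: account locked out: alice",
    "<14>Mar 21 10:31:02 web02 sshd[411]: session opened for user bob",
]
AUX = PRIMARY[1:] + ["truncated line with no header"]

if __name__ == "__main__":
    for key, value in reconcile(PRIMARY, AUX).items():
        print(key, value)
```

A non-empty `missing_on_aux` or `missing_on_primary` means the two sites have diverged and the recovery copy is incomplete for that window.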


 


BMC Defender SIEM Correlation Server 6.0