Syslog and TCP
Working on an environment where a VIP was set up for a syslog environment. Syslog collection was receiving a very high volume of logs (over 200k per second).
The original setup was a stateless UDP VIP that did a very nice job of balancing the load across pools of servers (50).
Decision was made to move syslog to TCP to avoid losing syslog messages in transit. Now the behavior is an imbalance among the servers, both from TCP connections (the servers typically keep a TCP connection open, so traffic doesn't balance quickly to new servers) and because some sending clients send a much higher volume of logs than others.
Is there a different VIP type that would better balance the traffic? Any other thoughts to get a better balance on a per-message basis while using TCP?
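
The imbalance described above, reproduced as an added example that is not part of the original post: a balancer that picks a server once per TCP connection is compared with one that reassembles the byte stream into individual syslog messages (RFC 6587 octet-counted or LF-terminated framing) and picks a server per message. All function names, the four-server pool and the sample traffic are constructed assumptions.

```python
import itertools
from collections import Counter

def split_frames(buf):
    """Split buffered TCP bytes into syslog messages (RFC 6587 framing).
    Returns (complete_messages, leftover_bytes_of_a_partial_message)."""
    msgs = []
    while buf:
        head, sep, rest = buf.partition(b" ")
        if head.isdigit() and sep:            # octet-counting: "LEN SP MSG"
            n = int(head)
            if len(rest) < n:
                break                         # body not fully received yet
            msgs.append(rest[:n])
            buf = rest[n:]
        elif buf.isdigit():
            break                             # length prefix still arriving
        else:                                 # LF-terminated message
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break
            msgs.append(line)
            buf = rest
    return msgs, buf

def balance(streams, n_servers, per_message):
    """streams: list of TCP read chunks per client connection.
    Returns a Counter of messages delivered to each server index."""
    load = Counter()
    conn_rr = itertools.cycle(range(n_servers))
    msg_rr = itertools.cycle(range(n_servers))
    for chunks in streams:
        pinned = next(conn_rr)                # chosen once, at connect time
        buf = b""
        for chunk in chunks:
            msgs, buf = split_frames(buf + chunk)
            for _ in msgs:
                load[next(msg_rr) if per_message else pinned] += 1
    return load

def make_stream(n, octet=False):
    """Constructed sample: n messages cut into 7-byte reads."""
    msgs = [b"<13>host app: event %d" % i for i in range(n)]
    wire = b"".join(b"%d %s" % (len(m), m) if octet else m + b"\n" for m in msgs)
    return [wire[i:i + 7] for i in range(0, len(wire), 7)]

# One noisy sender and three quiet ones, four servers (constructed input).
STREAMS = [make_stream(90), make_stream(2), make_stream(2, octet=True), make_stream(2)]
PER_CONN = balance(STREAMS, 4, per_message=False)
PER_MSG = balance(STREAMS, 4, per_message=True)
```

Per-message distribution only works because the balancer parses message boundaries out of the stream; a device that forwards TCP payload without understanding the framing can only balance whole connections.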