Rudder

The transport layer for the current logging system (Syslog) is modifying a very base-system daemon.
Additionally to handle any scaling issues, used over UDP, which is:
- unencrypted
- pretty fragile
+ does not hang
+ does not keep a contant TCP session to the policy server

You should consider different ways to relay the reports, where the main goals should be:

• one-shot upload of the reports of the last run
• use an encrypted way to secure the logfiles
• probably also sign it for security
• probably use something http-backed to utilize the already existing apache on the policy servers

For this you'd need to:

• collect the reports in a separate place for each run and upload it at the end (just like the inventory), and
• establish somekind of daemon that handles the forwarding of the uploaded inventories / logs, so you are not bound to whatever schedule the relays' agent have