[syslog-ng] problem with server

Zoltán Pallagi pzolee at balabit.hu
Fri Jan 22 23:57:43 CET 2010


Syslog-ng tries to reconnect to the server every 60 seconds by default. 
Perhaps the first attempt was not successful and you need to wait for the 
second attempt, so it can take 1-2 minutes.
If you reduce the "time_reopen()" in your _client's_ configuration, it 
can be faster.

I also have another theory: if you are using flow-control on the client 
side, and the server is a bit overloaded, syslog-ng can stop reading the 
source (and sending to the server).

Just show a few debug lines after starting syslog-ng on the client and a few 
lines on the server at the same time (because syslog-ng will send a few log 
messages about the state of connections, e.g.: accepted or closed).


On 2010.01.22 at 22:11, Rory Toma wrote:
> The problem has been alleviated somewhat by moving to a 64-bit platform.
> Since these generally have a different set of tcp defaults, there is
> probably a tcp value(s) that need tuning. I do notice on this one, that
> after I reboot a client, it takes a few minutes for the logs to start
> flowing, but flow they do.
>
> I can show you the output, but it's quite long.
>
> On 1/22/10 1:26 AM, Zoltán Pallagi wrote:
>    
>> Hi,
>>
>> Can you show me the output of "syslog-ng -Fevd" on your client after
>> restarting?
>>
>> (you can find more information about debugging syslog-ng on my blog:
>> http://pzolee.blogs.balabit.com/)
>>
>> Rory Toma wrote:
>>      
>>> I am using syslog-ng-3.0.4-1.rhel on a CentOS-5.4 system. I am using
>>> tls, and have a setup as below. Here is what happens. It logs fine.
>>> However, if I reboot my client that is sending logs, it no longer
>>> works until I restart the syslog-ng server. What do I need to do here?
>>>
>>> @version: 3.0
>>> options { flush_lines (3);
>>>             time_reopen (10);
>>>             log_fifo_size (1000);
>>>             long_hostnames (off);
>>>             use_dns (no);
>>>             use_fqdn (no);
>>>             create_dirs (yes); dir_perm (0755);
>>>             keep_hostname (yes);
>>>             ts_format("iso");
>>>           };
>>>
>>> source telo {
>>>           tcp( port(80)
>>>           tls( key_file("/export/tls/key.pem")
>>>                cert_file("/export/tls/cert.pem")
>>>                peer_verify(optional-untrusted)) ); };
>>>
>>> # Myx destinations
>>> destination myx_dest_0000 {
>>>     file("/logs/myx_008161000/$R_YEAR$R_MONTH$R_DAY/$HOST-$R_YEAR$R_MONTH$R_DAY.log"
>>>          owner(root) group(root) perm(0644)
>>>          template("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $MSG\n") template_escape(no)); };
>>> filter myx_filter_0000 { host("myx_001861000[0-9A-F]\{3\}$"); };
>>> log { source(telo); filter(myx_filter_0000); destination(myx_dest_0000); };
>>>
>>>
>>>
>>> ______________________________________________________________________________
>>>
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>>
>>>
>>>        
>>
>>      


-- 
pzolee
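
The client-side settings mentioned in the reply above, as an added example that is not part of the original message or the poster's configuration. The server name, CA directory and the object names (s_local, d_central) are hypothetical; port 80 and TLS follow the server configuration quoted in the thread.

```conf
@version: 3.0
# Added example: client side of the setup discussed in this thread.
# Host name, paths and object names are hypothetical.

options {
    # The default is 60 seconds between reconnect attempts; a lower value
    # shortens the wait when the first attempt after a reboot fails.
    time_reopen(10);
    # Size of the output queue, in messages.
    log_fifo_size(1000);
};

source s_local {
    unix-stream("/dev/log");
    # syslog-ng's own messages, including connection state changes.
    internal();
};

destination d_central {
    tcp("logserver.example.com" port(80)
        tls(ca_dir("/etc/syslog-ng/ca.d")
            peer_verify(required-trusted)));
};

log {
    source(s_local);
    destination(d_central);
    # With flow-control, syslog-ng stops reading the source when the
    # destination cannot keep up, instead of dropping messages.
    flags(flow-control);
};
```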