[syslog-ng] Better performance between udp, unix-stream or pipe ?

Yann I. yann.frm at gmail.com
Tue Nov 16 18:13:38 CET 2010


Well I'm not sure because of the flag I used for the UDP source which is set
to "no-parse".

Here is my problem. From the UDP source, I may receive logs which are not
"syslog compliant". So I'm using the flag 'no-parse', then I rewrite the
message. After that rewrite, I forward the new message to the same syslog-ng
server.
Then... I can apply filter, parser, etc. on that new message, which is now
"syslog compliant" :-)

So, I think I can't use a log statement. I need to use that mechanism...
There might be another solution but this one seems to be a good solution.


2010/11/16 Martin Holste <mcholste at gmail.com>

> Ok, then this should be accomplished with a standard log statement
> like you've already begun to write.  What do your destinations look
> like?
>
> On Tue, Nov 16, 2010 at 10:58 AM, Yann I. <yann.frm at gmail.com> wrote:
> > In fact, this is the same process... There is only one process.
> >
> >
> > 2010/11/16 Martin Holste <mcholste at gmail.com>
> >>
> >> Why do you need separate syslog-ng processes running?
> >>
> >> On Tue, Nov 16, 2010 at 10:49 AM, Yann I. <yann.frm at gmail.com> wrote:
> >> > Hi !
> >> >
> >> > I have a question about the use of udp, unix-stream or pipe. I would
> >> > like to
> >> > forward a syslog message to the same syslog server like this :
> >> >
> >> > |  log {
> >> > |     source (s_r_udp);    (<-- listen on UDP/514)
> >> > |
> >> > |     filter (....);
> >> > |     filter (....);
> >> > |     parser (...);
> >> > |
> >> > |     destination (d_local_syslog);  (<-- send the message to a local syslog by using unix-stream, udp or pipe mechanism)
> >> > |  };
> >> >
> >> > (...)
> >> >
> >> > |  log {
> >> > |     source (s_local_syslog);    (<--- here I receive the messages sent by the "d_syslog_loop")
> >> > |
> >> > |     filter (...);
> >> > |     filter (...);
> >> > |     parser (...);
> >> > |
> >> > |     destination (d_remote_syslog);
> >> >
> >> > I'm looking for the better way to send syslog message to the same syslog
> >> > server : which mechanism provides the better performances : pipe, udp (by
> >> > using network) or unix-stream ?
> >> > Maybe the "pipe" is the better solution ?...
> >> >
> >> > I'm using the syslog-ng OSE 3.1.2 on CentOS.
> >> >
> >> > Regards,
> >> >
> >> > Yann I.
> >> >
> >> >
> >> >
> >> > ______________________________________________________________________________
> >> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >> > Documentation:
> >> > http://www.balabit.com/support/documentation/?product=syslog-ng
> >> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >> >