Hi Alex!

I've checked the attached config and logs, and it looks like syslog-ng cannot send logs to the "/dev/uds_log" destination, and you have flow-control enabled in the config.
Once you fill the disk-buffer (which is a 4MiB sized reliable disk-buffer), flow-control kicks in and syslog-ng stops reading more messages from the sources that are connected to this destination.

example log:
Destination reliable queue full, dropping message; filename='/tmp/syslog-ng-00016.rqf', queue_len='6063', mem_buf_size='2097152', disk_buf_size='4194304', persist_name='afsocket_dd_qfile(stream,localhost.afunix:/dev/uds_log)'

At first, I would suggest to increase the disk-buffer size.

Regards,
Gabor

From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <ASantos@infinera.com>
Sent: Tuesday, March 15, 2022 16:04
To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] Local sources seem not to be working
 
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Hi,

 

I have syslog-ng 3.32.1 running in a Debian GNU/Linux 10 (buster) with the configuration in the attachement.

 

After sometime running, syslog-ng seems be unable to read from system() and internal() sources.

Log messages from syslog(ip(10.20.30.40) transport("udp") port(514) keep-alive(no)); are seen in the output folders.

Also journald logs are working fine.

 

After a reload of configuration in which what changes is this line:

rewrite r_host { set("MACHINE-${HOST}", value("HOST")); };

logging is resumed.

 

Here is the time gap for logs:

<43>1 2022-03-11T11:55:23.802+00:00 xmm4-1-1 syslog-ng 8283 - [meta sequenceId="767"] Last message 'Destination reliable' repeated 8933 times, suppressed by syslog-ng on xmm4-1-1

<46>1 2022-03-14T07:19:01.817+00:00 xmm4-1-1 syslog-ng 8283 - [meta sequenceId="1"] Module loaded and initialized successfully; module='syslogformat'

 

Do you know why this is happening?

 

Thanks & Regards,

Alex