Re: [syslog-ng] syslog-ng and log4j

10 Mar 2008


      On Mon, 2008-03-10 at 12:33 +0000, Sigurður Bjarnason wrote:
...
Well,
The log4j client is sending to the local client and that client is sending to the central server..  however... I am seeing drop in logs :(
options { create_dirs(yes);
          dir_perm(0755);
    dir_owner(root);
    dir_group(root);
          perm(0600);
          owner(root);
    group(root);
          chain_hostnames(no);
          keep_hostname(yes);
          stats(900);
          use_time_recvd(yes);
          time_reopen(5); };
source local {
        pipe("/proc/kmsg");
        unix-stream("/dev/log");
        internal();
        udp(port(514));
        tcp(port(514) keep-alive(yes) max-connections(5)); };
## send everything to loghost too in case of 2x syslog servers
destination syslog-server-1 { tcp("192.168.1.150" port(514));};
destination syslog-server-2 { tcp("192.168.1.151" port(514));};
log { source(local); destination(syslog-server-1);destination(syslog-server-2);};
this is my local syslog-ng client config, if I take the udp port part out.. no logs arrive from log4j.
if log4j can only use UDP, then increase the receive buffer of syslog-ng
(so_rcvbuf option, and /proc/sys/net/core/rmem_max setting on Linux)

-- 
Bazsi

Re: [syslog-ng] syslog-ng and log4j

Balazs Scheidler