Howdy,
I'm trying to setup a load balanced system with
several web servers and one central log server. Currently I have syslog-ng
running and pipe the output form apache to logger. This is all running locally
on one box. However, syslog-ng just randomly hangs and apache stop
processing requests. I can restart apache and it still does not respond, but i
can just restart syslog-ng and then it all starts working again. Is
syslog-ng designed to handle this kinda of load, around 3 million entries a day?
I have been googling for hours and can only find some comments
about log_fifo_size and reap_time in the options section?
here is my current config, if that helps
any
options { sync
(0);
time_reopen
(10);
log_fifo_size
(1000);
long_hostnames
(off);
use_dns
(no);
use_fqdn
(no);
create_dirs
(no);
keep_hostname
(yes);
};
destination d_http_access {
file("/var/log/HTTP/$YEAR-$MONTH-$DAY/$YEAR-$MONTH-$DAY.accesslog" owner(root)
group(root) perm(0600) dir_perm(0700) create_dirs(\
yes)); };
destination
d_http_search {
file("/var/log/HTTP/$YEAR-$MONTH-$DAY/$YEAR-$MONTH-$DAY.searchlog" owner(root)
group(root) perm(0600) dir_perm(0700) create_dirs(\
yes)); };
destination
d_http_error { file("/var/log/HTTP/$YEAR-$MONTH-$DAY/$YEAR-$MONTH-$DAY.errorlog"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(ye\
s));
};
filter f_http_access {
match("APACHE_ACCESS_LOG")
and
not match("test.html"); };
filter f_http_search {
match("APACHE_ACCESS_LOG")
and
match("/content/search"); };
filter f_http_error {
match("APACHE_ERR_LOG"); };
log { source(s_sys); filter(f_http_access);
destination(d_http_access); };
#Log httpd search access logs
log {
source(s_sys); filter(f_http_search); destination(d_http_search); };
#Log
httpd error logs
log { source(s_sys); filter(f_http_error);
destination(d_http_error); };
###################################################3
httpd.conf log line
CustomLog "|/usr/bin/logger -p local0.info -t
APACHE_ACCESS_LOG" tracking