Balazs Scheidler on Thu 9/11 18:10 +0100:
Thanks for your help. After strace-ing I found that the culprit was DNS. DNS lookups were blocking the daemon.
Adding use_dns(no) to the global config fixed the problem. Messages are now being written to disk in real time and I am losing nothing!
Now, if I want my 'pretty' directory structure and filenames do I add my remote machines to /etc/hosts or do I make my syslog-ng machine a caching name server? Will these block?
a caching nameserver should help, though syslog-ng can still block for a while on DNS queries. you could filter out hosts that might not be resolvable with ipchains or ipfwadm (or the packet filter your OS has)
It might be a good idea to port syslog-ng to the adns resolver library, which is non-blocking, like most of the rest of syslog-ng. Just something to think about.