Greetings. I'm
running syslog-ng 1.4.11 and am having trouble getting the tcp destination to
work reliably. My major concern is with what happens when the receiving end of
the tcp link is reset. In my scenario I have one syslog-ng machine forwarding
messages to another syslog-ng machine using a tcp() destination on one end and a
tcp() source on the other. All works fine until I interrupt the socket on the
receiving machine. Rebooting, HUP'ing syslog-ng, etc all cause the logs to stop
coming in. I assume that the sender is simply trying to write the messages to an
existing TCP socket and failing. What happens to these messages (are they queued
anywhere for later delivery?), and is there anything that I can do to ensure
that messages continue to flow when the receiver comes back up? Losing messages
while the receiving end if offline is an acceptable loss, but when it comes back
up, I would really like it to continue to receive. In the current scenario I
have to restart every syslog-ng machine that is forwarding messages to my
central logger when I change its configuration, this is definitely not
sane.
Anyone with
hints/tips for setting up TCP based messaging, please contact
me.
Chris Sibbitt
JetNet Internetworking Services Inc.
Providing Secure Internet Communications
Phone
613-271-6220x228
FAX
613-271-6229
Email csibbitt@jetnet.ca
Web www.jetnet.ca