Hi! "Lucas, Sascha" <Sascha.Lucas@gisa.de> writes:
thanks a lot for interest. So here is my feedback:
Thanks a lot for your feedback, it's very valuable!
There are some mongo specific features we like to use, but they are missing atm: * use TTL collection (the nightly deletion is slow) -> store data type DATE
This is being worked on, and will likely be part of syslog-ng 3.5.
* store data type array for tags and classes (patterndb) -> makes it searchable by mongo
I have not started working on this yet, but once the type hinting support is in, adding this should be fairly painless.
And there are problems with syslog-ng itself (some reported earlier on this list):
* our network destination: Invalid byte sequence or other error while converting input, skipping character; encoding='UTF-8', char='0xf0'
I'm afraid I have nothing to offer for this problem at this time, will look into it as soon as I can find some time.
* a unknown problem, where syslog-ng stops logging/scrambles logs after (frequent) SIGHUP
Are you using file sources, by any chance?
* a unknown problem, where syslog-ng stops working and blocks most of the system: i.e. sshd or sudo waiting to log to /dev/log
We've seen something similar when the supress() option was used, that dead-locked syslog-ng in a few cases. There's also a race condition in afmongodb that was recently fixed in git, but that should not result in syslog-ng blocking (rather, it would lead to a crash, rarely). -- |8]