Hi I solved the problem of the delay: syslog-ng wasn't delaying messages to the files. He was ignoring them alltogether. Syslog-ng did this because the name in the DNS (and the filter) was different than the hostname displayed in the syslog message itself. After I changed the DNS names to match the name appearing in the syslog message the problem vanished. Now messages are written according the sync drictive (i.e immediately :-)). I apologize for the head aches and wasted brain waves I caused because being a green newbie (bad newbie, bad, bad .... ;-)) TIA Paolo --- Balazs Scheidler <bazsi@balabit.hu> wrote:
On Tue, 2005-12-27 at 08:59 -0800, Paolo Supino wrote:
Hi
1. I checked weather /proc/kmsg is being read by 2 processes. It isn't. The only process reading the file is syslog-ng (and there is only 1 instance of syslog-ng running). 2. All systems that report to the syslog server have forward and backward resolving setup. Here is the output: forward lookup: # nslookup switch-01 Server: 192.168.200.101 Address: 192.168.200.101#53
Name: switch-01.company.net Address: 192.168.63.1
backward lookup: # nslookup 192.168.63.1 Server: 192.168.200.101 Address: 192.168.200.101#53
1.63.168.192.in-addr.arpa name = switch-01.company.net.
Everything looks OK ...
I understand that your DNS is set up correctly I was only wondering whether syslog-ng might block on DNS queries for some reason. I'm sure syslog-ng is doing something, either it is buffering data (because of sync) or is blocking on something.
-- Bazsi
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
__________________________________ Yahoo! for Good - Make a difference this year. http://brand.yahoo.com/cybergivingweek2005/