2004-02-24, k keltezéssel 22:49-kor Benoit DOLEZ ezt írta:

Hi,

When a connection broken is detected (error when writing a line to an invalid socket), the line that make the "connection broken" to be detected is definitly lost.

In a local file Feb 24 22:09:47 src@loki root: 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Feb 24 22:09:48 src@loki root: 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Feb 24 22:09:48 src@loki syslog-ng[18900]: Connection broken to AF_INET(127.0.0.1:40000), reopening in 60 seconds Feb 24 22:09:49 src@loki root: 10 11 12 13 14 15 16 17 18 19 20 21 22 23

In the remote process # nc -l -p 40000 (...) Feb 24 22:09:47 src@loki root: 10 11 12 13 14 15 16 17 18 19 20 21 22 23 <Ctrl-C>

# nc -l -p 40000 <43>Feb 24 22:09:48 src@loki syslog-ng[18900]: Connection broken to AF_INET(127.0.0.1:40000), reopening in 60 seconds <13>Feb 24 22:09:49 src@loki root: 10 11 12 13 14 15 16 17 18 19 20 21 22 23

le log line at Feb 24 22:09:48 is definitly lost, is it normal?

Currently (in the 1.6.x codebase) it is normal, at least this is a known behaviour. When syslog-ng writes a message and the connection was previously broken, the kernel does not report EPIPE immediately. Try strace-ing the syslog-ng process: 1) wait while the connection is established 2) break the connection (by stopping nc on the server side) 3) send another message to syslog-ng 4) see the write() call succeed 5) send another message to syslog-ng 6) see the write() call return an EPIPE Would the kernel return an EPIPE after 4), the message would not be lost. The solution is to continously monitor the server connection fd for reading, thus syslog-ng could spot when the connection is broken at the first place, but this would require big reorganizations in the 1.6.x codebase, thus it is not feasible. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1