About lost of messages after syslog-ng stop
Hi all! What can I do to avoid that when I stop my syslog-ng client and apache server still logging to its files not lost all those messages? I mean, in the time that the syslog-ng client was not running, the apache continue working and logging data, but when I start the syslog client it don't send to the syslog-ng server the messages that apache logging when it was stopped. Here is part of what I think relevant of my configuration file: # apache message source source s_apache { # Apache2 access log source. file("/var/log/apache2/access.log" log_prefix("apache_access: ") follow_freq(1) flags(no-parse) ); # Apache2 access log source. file("/var/log/apache2/error.log" log_prefix("apache_error: ") follow_freq(1) flags(no-parse) ); }; # central log server destination d_tcp { tcp("10.8.2.227" port(514)); }; # apache logs to central server. log { source(s_apache); destination(d_tcp); flags(flow-control); }; All work fine, just worry about the lost of messages in case that the communication with syslog-ng server fail. I know that Premium Edition have the log_disk_fifo_size(), but that is the only way of do this? Nobody have a workaround for this so necessary feature using the Open Source Edition? Salute Frank Abel __________________________________________ Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu
Just to want clear something: I test right now stopping the syslog-ng server and inside the syslog-ng client log appear the following messages: " .... Nov 13 14:29:20 ubuntui38600.cujae.edu.cu syslog-ng[4889]: Connection failed; error='Connection refused (111)', time_reopen='10' Nov 13 14:29:30 ubuntui38600.cujae.edu.cu syslog-ng[4889]: Connection failed; error='Connection refused (111)', time_reopen='10' .... " with the server stopped, I hit some pages and apache generate messages to its the logs, then I start the syslog-ng server and the client sent to it all the pending messages, so the problem that I mention in my previous message about networking interruption and lost of messages don't exit, just remain the case when the syslog-ng client crash or die. Thanks and excuse me all these speech. Salute Frank Abel On Tue, 2007-11-13 at 14:18 -0500, Frank Abel Cancio Bello wrote:
Hi all!
What can I do to avoid that when I stop my syslog-ng client and apache server still logging to its files not lost all those messages? I mean, in the time that the syslog-ng client was not running, the apache continue working and logging data, but when I start the syslog client it don't send to the syslog-ng server the messages that apache logging when it was stopped.
Here is part of what I think relevant of my configuration file:
# apache message source source s_apache { # Apache2 access log source. file("/var/log/apache2/access.log" log_prefix("apache_access: ") follow_freq(1) flags(no-parse) );
# Apache2 access log source. file("/var/log/apache2/error.log" log_prefix("apache_error: ") follow_freq(1) flags(no-parse) ); };
# central log server destination d_tcp { tcp("10.8.2.227" port(514)); };
# apache logs to central server. log { source(s_apache); destination(d_tcp); flags(flow-control); };
All work fine, just worry about the lost of messages in case that the communication with syslog-ng server fail. I know that Premium Edition have the log_disk_fifo_size(), but that is the only way of do this? Nobody have a workaround for this so necessary feature using the Open Source Edition?
Salute Frank Abel
__________________________________________
Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
__________________________________________ Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu
On Tue, 2007-11-13 at 14:18 -0500, Frank Abel Cancio Bello wrote:
Hi all!
What can I do to avoid that when I stop my syslog-ng client and apache server still logging to its files not lost all those messages? I mean, in the time that the syslog-ng client was not running, the apache continue working and logging data, but when I start the syslog client it don't send to the syslog-ng server the messages that apache logging when it was stopped.
Here is part of what I think relevant of my configuration file:
You did not include your syslog-ng version. 2.0.5 can remember the last position of the file accross restarts. -- Bazsi
Thanks a lot! I was using syslog-ng 2.0.0, the version that come with the last stable ubuntu server box (Gusty). I read http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/... and in version 2.0.3 the “1024 byte limitation of internally generated messages” and “support for remembering the last posistion of file sources across restarts” issues are solved. Now I will install the binary packages of the next ubuntu server box (Hardy), that fortunately seem that can be installed in Gusty without any other changes. Thanks again! Salute Frank Abel On Wed, 2007-11-14 at 08:42 +0100, Balazs Scheidler wrote:
On Tue, 2007-11-13 at 14:18 -0500, Frank Abel Cancio Bello wrote:
Hi all!
What can I do to avoid that when I stop my syslog-ng client and apache server still logging to its files not lost all those messages? I mean, in the time that the syslog-ng client was not running, the apache continue working and logging data, but when I start the syslog client it don't send to the syslog-ng server the messages that apache logging when it was stopped.
Here is part of what I think relevant of my configuration file:
You did not include your syslog-ng version. 2.0.5 can remember the last position of the file accross restarts.
__________________________________________ Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu
participants (2)
-
Balazs Scheidler
-
Frank Abel Cancio Bello