Greetings, Trying to see what happens when syslog-ng (Version 1.4.14 on Solaris 8) gets HUP'ed, as my logrotate scripts will do, while it's receiving UDP data. Using the stresstes.sh script on another host (which is using the syslog-ng box as a loghost), a stream of messages will be sent. The while loop was changed to: while [ "$i" -lt "1000" ] After the script ran, a "cat messages | wc -l" was done against the log and the results would be approx 995 lines (probably because it's UDP). Then I'd move the file and HUP syslog-ng and retested a few more times. Same results each time. Next, while stresstest.sh was running, syslog-ng would be HUP'ed two or three times. After every test the "cat messages | wc -l" would show between 965 - 975 lines. My questions: How can I prevent messages from being lost when syslog-ng gets HUP'ed? Is it due to a config file error? From reading archived logs I found this wouldn't happen with TCP but I didn't see any information about UDP. My config file: ------------ options { sync(0); create_dirs(yes); use_fqdn(yes); keep_hostname(yes); }; source src { sun-streams("/dev/log" door("/etc/.syslog_door")); udp(); internal(); }; destination d_cisco { file("/opt/logs/cisco.log"); }; destination d_other { file("/var/log/syslog-ng/$HOST/messages" sync(0) create_dirs(yes)); }; destination d_adm { file("/var/log/syslog-ng/$HOST/sysmsg" sync(0) create_dirs(yes)); }; filter f_cisco { facility(local4); }; # stuff that would go into /var/log/messages filter f_messages { level(info..warn) and not facility(auth, auth, mail, news, local4); }; filter f_daemonlog { facility(daemon) and level (info,warn,notice,err,crit,alert,emerg); }; log { source(src); filter(f_cisco); destination(d_cisco); }; log { source(src); filter(f_messages); destination(d_other); }; log { source(src); filter(f_daemonlog); destination(d_adm); }; ------------ Thanks, UK
On Wed, Dec 12, 2001 at 10:40:25AM -0600, UK wrote:
Greetings,
Trying to see what happens when syslog-ng (Version 1.4.14 on Solaris 8) gets HUP'ed, as my logrotate scripts will do, while it's receiving UDP data. Using the stresstes.sh script on another host (which is using the syslog-ng box as a loghost), a stream of messages will be sent. The while loop was changed to:
while [ "$i" -lt "1000" ]
After the script ran, a "cat messages | wc -l" was done against the log and the results would be approx 995 lines (probably because it's UDP). Then I'd move the file and HUP syslog-ng and retested a few more times. Same results each time.
Next, while stresstest.sh was running, syslog-ng would be HUP'ed two or three times. After every test the "cat messages | wc -l" would show between 965 - 975 lines.
When syslog-ng receives a HUP signal it closes and reopens all listening sockets. Because this takes some time, it may be responsible for the data loss. There was a request in private mail to add a keep-listener-alive() option, which would avoid this close operation, which could help a bit, this is however a todo item, and not reality. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Follow-up question: To rotate logs, should I be sending a HUP to syslog-ng or is there another way to accomplish this? Thanks again, UK -----Original Message----- From: UK [mailto:uking@us.ibm.com] Sent: Wednesday, December 12, 2001 10:40 AM To: syslog-ng@lists.balabit.hu Subject: HUP'ing syslog-ng causes data loss When syslog-ng receives a HUP signal it closes and reopens all listening sockets. Because this takes some time, it may be responsible for the data loss. There was a request in private mail to add a keep-listener-alive() option, which would avoid this close operation, which could help a bit, this is however a todo item, and not reality. -- Bazsi On Wed, Dec 12, 2001 at 10:40:25AM -0600, UK wrote:
Greetings,
Trying to see what happens when syslog-ng (Version 1.4.14 on Solaris 8) gets HUP'ed, as my logrotate scripts will do, while it's receiving UDP data. Using the stresstes.sh script on another host (which is using the syslog-ng box as a loghost), a stream of messages will be sent. The while loop was changed to:
while [ "$i" -lt "1000" ]
After the script ran, a "cat messages | wc -l" was done against the log and the results would be approx 995 lines (probably because it's UDP). Then I'd move the file and HUP syslog-ng and retested a few more times. Same results each time.
Next, while stresstest.sh was running, syslog-ng would be HUP'ed two or three times. After every test the "cat messages | wc -l" would show between 965 - 975 lines.
On Tue, Dec 18, 2001 at 01:53:19PM -0600, UK wrote:
Follow-up question:
To rotate logs, should I be sending a HUP to syslog-ng or is there another way to accomplish this?
in 1.5.x there's a hackish way to make syslog-ng reopen its files, but probably it will be discontinued, and a similar feature will be provided. there's a remote_control destination driver, which has some limited ways controlling syslog-ng, with the means of log messages. so create a log path which sends messages to this driver (probably a separate source should be created for this purpose). To reopen a file without HUP signal, just send a message to this driver containing the full path and filename of the file to be reopened. so something like this should be used: source s_ctrl { pipe("/var/run/syslog-ng-ctl"); }; destination d_ctrl { remote_control(); }; log { source(s_ctrl); destination(d_ctrl); }; and reopen a file this way: echo /var/log/messages > /var/run/syslog-ng-ctl (of course /var/run/syslog-ng-ctl should be created using mkfifo) -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (2)
-
Balazs Scheidler
-
UK