Re: [syslog-ng]Leaky syslog-ng files?
What does your config file look like, here is an ex, of mine, i use filters to to force the host to log to the text file. ## tking switch 192.168.3.254 destination 192.168.3.254 { file("/var/log/routers/tking-switch.log"); }; filter f_192.168.3.254 { host(192.168.3.254); }; log { source(net); filter(f_192.168.3.254); destination(192.168.3.254); }; michael http://vw.vermeer.org/syslog-ng/
rob@rascal.ca 01/19/02 18:23 PM >>> Hi everyone,
I'm pretty new to syslog-ng, but I really like it so far, except for one thing I can't figure out...(it could be a clueless newbie issue.) I'm using syslog-ng on FreeBSD 4.4 to log everything for about 10 cisco routers/switches right now, with about 30 more that will be added over the next week or two. I have them logging to separate files right now, and that works great, with newsyslog archiving stuff, etc etc. Works wonderfully. However, everything keeps leaking into my /var/log/messages file, which I don't want it to do. I *just* want it in their separate files. An example of what I use for filters is: filter f_gig2 { host("gig2-0"); }; And for log: log { source(src); filter(f_gig2); destination(gig2); }; And for destination: destination gig2 { file("/var/log/peer1/vancouver/gig2-0"); }; Anyone have any suggestions? Thanks in advance! -Rob. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
has anyone ever pushed the system until it choked as a form of Load-Testing and if so is there a list of the symptoms for the application and the OS/Stack under it seizing up? Todd Glassey ----- Original Message ----- From: "Michael Earls" <Michael.Earls@chmcc.org> To: <syslog-ng@lists.balabit.hu> Sent: Sunday, January 20, 2002 10:54 AM Subject: Re: [syslog-ng]Leaky syslog-ng files?
What does your config file look like, here is an ex, of mine, i use filters to to force the host to log to the text file.
## tking switch 192.168.3.254 destination 192.168.3.254 { file("/var/log/routers/tking-switch.log"); }; filter f_192.168.3.254 { host(192.168.3.254); }; log { source(net); filter(f_192.168.3.254); destination(192.168.3.254); };
michael
http://vw.vermeer.org/syslog-ng/
rob@rascal.ca 01/19/02 18:23 PM >>> Hi everyone,
I'm pretty new to syslog-ng, but I really like it so far, except for one thing I can't figure out...(it could be a clueless newbie issue.)
I'm using syslog-ng on FreeBSD 4.4 to log everything for about 10 cisco routers/switches right now, with about 30 more that will be added over the next week or two. I have them logging to separate files right now, and that works great, with newsyslog archiving stuff, etc etc. Works wonderfully. However, everything keeps leaking into my /var/log/messages file, which I don't want it to do. I *just* want it in their separate files.
An example of what I use for filters is:
filter f_gig2 { host("gig2-0"); };
And for log:
log { source(src); filter(f_gig2); destination(gig2); };
And for destination:
destination gig2 { file("/var/log/peer1/vancouver/gig2-0"); };
Anyone have any suggestions?
Thanks in advance!
-Rob.
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
todd glassey wrote:
has anyone ever pushed the system until it choked as a form of Load-Testing and if so is there a list of the symptoms for the application and the OS/Stack under it seizing up?
We are logging our complete zoo of network equipment to one syslog-ng process. Seems that more than 5 million messages per day are not the problem for a logd under Solaris 8. The only problem we see, is that it becomes harder and harder for the logd to send all the logs to their destinations in 'real time'. Standard unix file systems seems not to be fast enough. But using pipes as dests, there is the sync problem with the readers end of the pipe. So we note that message dropping can occur. Unfortunately the dropping stats of Bazsi doesn't work on a per-dest base. But at the moment we can survive with big queue sizes for some dests. -- Best regards --Andreas Schulze [phone: +49.5246.80.1275, fax: +49.5246.80.2275] | I believe, it was Dennis Ritchie who said something like: | "C is rarely the best language for a given task, | but it's often the second-best". | The implication being that: "[...]" | | sh# cat>$$.c<<EOT | main(l,a,n,d)char**a;{for(d=atoi(a[1])/10*80-atoi(a[2])/5-596;n="@NK\ | ACLCCGZAAQBEAADAFaISADJABBA^SNLGAQABDAXIMBAACTBATAHDBANZcEMMCCCCAAhE\ | IJFAEAAABAfHJETBdFLDAANEfDNBPHdBcBBBEA_AL H E L L O, W O R L D! " | [l++-3];)for(;n-->64;)putchar(!d+++33^l&1);} | EOT | gcc -o$$ $$.c;clear;./$$ 52 8;rm -f $$*
participants (3)
-
Andreas Schulze
-
Michael Earls
-
todd glassey