Hi All

My first time on this list so be gentle :)

I have questions about syslog-ng and log4j.

I am using syslog-ng as central server with syslog-ng on clients forwarding logs to the central server, and I have noticed that logs from java (log4j) are being dropped under heavy load, so I did some investigating and found out that log4j only sends on UDP rather than TCP like all other logs.

Is it possible to get log4j to send logs over TCP by sending logs from java to a socket or otherwise? I would guess that log4j is not capable of sending logs to TCP since I have tried to take the udp section out of the syslog-ng config and then no logs are received from java :(

Can someone please tell me what my options are here? I really need to get logs from java over to the central server without this drop since these are the most critical logs on my system.

Regards
Siggi

On Mon, 2008-03-03 at 15:30 +0000, Sigurður Bjarnason wrote:
> Hi All
>
> My first time on this list so be gentle :)
>
> I have questions about syslog-ng and log4j.
>
> I am using syslog-ng as central server with syslog-ng on clients forwarding logs to the central server, and I have noticed that logs from java (log4j) are being dropped under heavy load, so I did some investigating and found out that log4j only sends on UDP rather than TCP like all other logs.
>
> Is it possible to get log4j to send logs over TCP by sending logs from java to a socket or otherwise? I would guess that log4j is not capable of sending logs to TCP since I have tried to take the udp section out of the syslog-ng config and then no logs are received from java :(
>
> Can someone please tell me what my options are here? I really need to get logs from java over to the central server without this drop since these are the most critical logs on my system.

Can you configure log4j to send messages to a local syslog-ng process and then have that process send out messages via TCP?

-- Bazsi

Well,

The log4j client is sending to the local client and that client is sending to the central server.. however... I am seeing drop in logs :(

options {
    create_dirs(yes);
    dir_perm(0755);
    dir_owner(root);
    dir_group(root);
    perm(0600);
    owner(root);
    group(root);
    chain_hostnames(no);
    keep_hostname(yes);
    stats(900);
    use_time_recvd(yes);
    time_reopen(5);
};

source local {
    pipe("/proc/kmsg");
    unix-stream("/dev/log");
    internal();
    udp(port(514));
    tcp(port(514) keep-alive(yes) max-connections(5));
};

## send everything to loghost too in case of 2x syslog servers
destination syslog-server-1 { tcp("192.168.1.150" port(514)); };
destination syslog-server-2 { tcp("192.168.1.151" port(514)); };

log { source(local); destination(syslog-server-1); destination(syslog-server-2); };

this is my local syslog-ng client config, if I take the udp port part out.. no logs arrive from log4j.

Regards
Siggi

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: 10. mars 2008 11:41
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng and log4j

On Mon, 2008-03-03 at 15:30 +0000, Sigurður Bjarnason wrote:
> Hi All
>
> My first time on this list so be gentle :)
>
> I have questions about syslog-ng and log4j.
>
> I am using syslog-ng as central server with syslog-ng on clients forwarding logs to the central server, and I have noticed that logs from java (log4j) are being dropped under heavy load, so I did some investigating and found out that log4j only sends on UDP rather than TCP like all other logs.
>
> Is it possible to get log4j to send logs over TCP by sending logs from java to a socket or otherwise? I would guess that log4j is not capable of sending logs to TCP since I have tried to take the udp section out of the syslog-ng config and then no logs are received from java :(
>
> Can someone please tell me what my options are here? I really need to get logs from java over to the central server without this drop since these are the most critical logs on my system.

Can you configure log4j to send messages to a local syslog-ng process and then have that process send out messages via TCP?

-- Bazsi

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

On Mon, 2008-03-10 at 12:33 +0000, Sigurður Bjarnason wrote:
> Well,
>
> The log4j client is sending to the local client and that client is sending to the central server.. however... I am seeing drop in logs :(
>
> options {
>     create_dirs(yes);
>     dir_perm(0755);
>     dir_owner(root);
>     dir_group(root);
>     perm(0600);
>     owner(root);
>     group(root);
>     chain_hostnames(no);
>     keep_hostname(yes);
>     stats(900);
>     use_time_recvd(yes);
>     time_reopen(5);
> };
>
> source local {
>     pipe("/proc/kmsg");
>     unix-stream("/dev/log");
>     internal();
>     udp(port(514));
>     tcp(port(514) keep-alive(yes) max-connections(5));
> };
>
> ## send everything to loghost too in case of 2x syslog servers
> destination syslog-server-1 { tcp("192.168.1.150" port(514)); };
> destination syslog-server-2 { tcp("192.168.1.151" port(514)); };
>
> log { source(local); destination(syslog-server-1); destination(syslog-server-2); };
>
> this is my local syslog-ng client config, if I take the udp port part out.. no logs arrive from log4j.

if log4j can only use UDP, then increase the receive buffer of syslog-ng (so_rcvbuf option, and /proc/sys/net/core/rmem_max setting on Linux)

-- Bazsi
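
An added example, not part of the thread: a way to confirm on the log host that UDP datagrams are being dropped for lack of receive buffer, and to see why the reply names both so_rcvbuf and rmem_max. It assumes Linux; the counter snapshots are constructed sample data in the format of the `Udp:` lines of /proc/net/snmp, and the 1 MiB request is an arbitrary size.

```python
import socket

# Constructed sample: the "Udp:" lines of /proc/net/snmp captured before and
# after a burst of log traffic (the numbers are made up for illustration).
BEFORE = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 182340 12 40 9921 40 0
"""
AFTER = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 190340 12 1540 9950 1540 0
"""

def parse_udp_counters(snmp_text):
    """Return the Udp counters of /proc/net/snmp as a dict of ints."""
    # "UdpLite:" lines do not start with "Udp:" and are skipped.
    rows = [l.split()[1:] for l in snmp_text.splitlines() if l.startswith("Udp:")]
    if len(rows) != 2:
        raise ValueError("expected one Udp header line and one Udp value line")
    names, values = rows
    return dict(zip(names, map(int, values)))

def udp_drop_report(before_text, after_text):
    """Datagrams delivered and dropped for lack of buffer between snapshots."""
    b, a = parse_udp_counters(before_text), parse_udp_counters(after_text)
    received = a["InDatagrams"] - b["InDatagrams"]
    dropped = a["RcvbufErrors"] - b["RcvbufErrors"]
    total = received + dropped
    pct = round(100.0 * dropped / total, 1) if total else 0.0
    return {"received": received, "dropped": dropped, "drop_pct": pct}

def granted_rcvbuf(requested):
    """Request a UDP receive buffer; return (size the kernel granted, rmem_max)."""
    with open("/proc/sys/net/core/rmem_max") as f:
        rmem_max = int(f.read())
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, requested)
        # Linux caps the request at rmem_max and reports double the accepted
        # value, so a large request is silently reduced if rmem_max is low.
        return s.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF), rmem_max
    finally:
        s.close()

if __name__ == "__main__":
    print(udp_drop_report(BEFORE, AFTER))
    print("granted, rmem_max =", granted_rcvbuf(1 << 20))
```

A RcvbufErrors count that keeps rising under load points at the receive buffer; if the granted size comes back smaller than twice the request, rmem_max is the limit that has to be raised first.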