Hi Gents, I'm posting the question again because I really need an answer for it, Thanks a lot, Andy -----Original Message----- From: Antai Ning [mailto:aning@jetnet.ca] Sent: Wednesday, July 10, 2002 1:38 PM To: 'syslog-ng@lists.balabit.hu' Subject: [syslog-ng]Strang behaviour of syslog-ng (and my program) Hi Gurus, I got some strange phenomemon with syslog-ng. Here is what I'm doing. I configured syslog-ng to forward certain type of messages to a pipe. (say, ALERT). I wrote a program in perl to read from the pipe and print them out. The perl program first try to open the pipe and it'll block at the open function untill syslog-ng has some messages to write to the pipe. Then the perl program reads using IO::File can_read() function, with a 5 seconds timeout. So the function looks like this: $sel->can_read(5). Then I send 10 valid messages to syslog-ng from a remote machine by UDP. To my supprise, the perl program got only 2 of the 10! Then I send another 1 valid message to this syslog-ng after 5 minutes, and I got not only this message, but also the 8 I lost last time! This happens only for the first 10 messages (which includes the opening of the pipe). Everything is fine after the first round. It looks like it's related to the pipe opening and messages get queued somewhere until later messages trigger the queue to flush. So what's really happening inside? And is there a solution? Thanks, Andy Cofiguration: syslog-ng 1.4.11 on Redhat linux 7.2. And here is the syslog-ng globla option look like. (Sorry I can't post all the configuration because of obvious reasons :) ) But there is no options set for specific source, destionation or filter. options { use_dns (no); # Don't perform DNS lookups use_fqdn (no); # Don't use full hostname create_dirs (yes); # Create any necessary dirs for files use_time_recvd (yes); # Use our time, not the remote device time log_fifo_size(10000); # Queue 10000 msgs on a blocked dest sync(0); # Flush the queues as fast as possible # Tweak the sync parameter if the disks are # going wild and thrashing the machine chain_hostnames(on); # Chain hostname/IP information in log line }; source s_UDP { udp( ip(192.168.1.1) port(514) ); };