As a point of reference, I have a setup with over 200 syslog-ng processes and it works fiine. "Patrick H." <syslogng@feystorm.net> wrote:

Yes, that should work just fine. I run a box with 4 syslog instances and they all place nice together. My setup isnt exactly the same, but I have no problems which you are experiencing. My setup: I have a master syslog-ng process that does nothing but accept connections from remote hosts and from the local system. That process then relays the messages to other local syslog-ng processes which do the actual work (lots and lots of parsing). I only included the options and source sections as theyre the only ones that matter.

Master syslog-ng process that accepts from local & remote & forwards to other local processes @version: 3.0 # syslog-ng configuration file. # # This should behave pretty much like the original syslog on RedHat. But # it could be configured a lot smarter. # # See syslog-ng(8) and syslog-ng.conf(5) for more information. #

options { time_reopen(1); use_dns(no); use_fqdn(yes); keep_hostname(yes); create_dirs(yes); perm(0644); dir_perm(0755); log_iw_size(50000); log_fifo_size(100000); #time_sleep(1); };

source s_sys { file("/proc/kmsg" program-override("kernel")); unix-stream ("/dev/log"); internal(); }; source s_net { tcp(ip(0.0.0.0) port(514) max-connections(1000)); udp(ip(0.0.0.0) port(514)); };

syslog-ng that accepts the forwarded messages @version: 3.0 # syslog-ng configuration file. # # This should behave pretty much like the original syslog on RedHat. But # it could be configured a lot smarter. # # See syslog-ng(8) and syslog-ng.conf(5) for more information. #

options { time_reopen(1); long_hostnames(off); use_dns(no); use_fqdn(no); keep_hostname(yes); create_dirs(yes); perm(0644); dir_perm(0755); #log_fetch_limit(100000); #log_iw_size(200000); #log_fifo_size(400000); flush_lines(50); flush_timeout(5000); #stats_freq(10); #stats_level(2); #time_sleep(1); };

source s_master { #syslog(ip(127.0.0.1) port(515) transport('tcp') so_keepalive(yes) log_iw_size(1000)); tcp(ip(127.0.0.1) port(515) flags('syslog-protocol')); }; source s_syslog { internal(); };

Sent: Saturday, June 26, 2010 6:08:42 PM From: John R. Dunning <jrd@jrd.org> To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Two instances of syslog-ng on the same host?

...

Hi wizards. Apologies if this is an FAQ or something, but I've dug all around and failed to find the answer.

I have a system on which, for reasons I'd rather not go into here, it makes sense to run two instances of syslog-ng, one for standard logging of local events, the other acting as a proxy for a flock of other systems.

The proxy starts first, very early in the init sequence, the regular one starts later.

This all worked great with syslog-ng 2, but I recently upgraded to version 3.1.1 and I can't get it to work correctly. The proxy instance is supposed to only be listening on a tcp socket, but it seems to also be opening the AF_UNIX socket to /dev/log. This causes the launch of the main instance to fail.

I've been through the docs, but it's not obvious to me how to get syslog-ng to start without opening the socket to /dev/log. Hints? Thanks in advance... ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html

______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html