[syslog-ng]Real time .conf?

Brian Leveille bleveille@defendnet.com
Thu, 9 Nov 2000 10:30:03 -0500


Bazsi & Matt,

Thanks for your help.  After strace-ing I found that the culprit was DNS.
DNS lookups were blocking the daemon.

Adding use_dns(no) to the global config fixed the problem.  Messages are now
being written to disk in real time and I am losing nothing!

Now, if I want my 'pretty' directory structure and filenames do I add my
remote machines to /etc/hosts or do I make my syslog-ng machine a caching
name server?  Will these block?

Brian Leveille
-------------------
Senior Internetworking Engineer
DefendNet Solutions, Inc.
www.defendnet.com

 -----Original Message-----
From: 	Balazs Scheidler [mailto:bazsi@balabit.hu] 
Sent:	Thursday, November 09, 2000 3:42 AM
To:	syslog-ng@lists.balabit.hu
Subject:	Re: [syslog-ng]Real time .conf?

Hi,

> Thanks.  Somehow though, I don't think that worked.  Here is my config
> file.
> 
> # this file show more or less all the features of syslog-ng
> 
> options {sync(0); create_dirs(yes);};
> 
> source int { unix-stream("/dev/log"); internal(); };
> source src { udp(port(514)); };
> 
> destination everything {
> file("/NetscreenLogs/$HOST/$HOST.$MONTH-$DAY-$YEAR.log"
> owner(NetscreenLogs)
> group(NetscreenLogs)
> perm(0777)
> dir_perm(0777));
> };
> 
> destination internallogs { file("/var/log/messages"); };
> 
> 
> log { source(src); destination(everything); };
> log { filter(DEFAULT); destination(internallogs); };
> 
> 
> 
> All I am trying to do is have my remote boxes send their syslog messages
> to my server, and have the server create some semblance of a directory
> structure.  Simple.
> 
> But, when I watch packets with tcpdump, it seems there are A LOT more udp
> port 514 packets than there are log records.  My tcpdump session shows
> hundreds of udp port 514 packets while my tail -f of my log RARELY
> updates.
> 
> Am I losing data?!?!?!?

I don't think so. Can you strace syslog-ng to see if it does receive those
messages?

strace -s 256 -p <pidofsyslog-ng>

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt
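
An added example, not part of the thread and not the syslog-ng project's own configuration: the posted config with the DNS fix described above, next to a variant that keeps hostname-based paths by resolving senders only from the local hosts file. It assumes a syslog-ng release that supports use_dns(persist_only), dns_cache() and dns_cache_hosts(); the tighter perm()/dir_perm() values are also a change made in this example.

```conf
# Added example (not from the thread).
# Assumption: the installed syslog-ng supports use_dns(persist_only),
# dns_cache() and dns_cache_hosts().

# Variant A: the fix reported in the thread. No lookups are made at all,
# so $HOST expands to the sender's IP address.
# options { sync(0); create_dirs(yes); use_dns(no); };

# Variant B: names in $HOST without querying a name server.
options {
    sync(0);                        # carried over from the posted config
    create_dirs(yes);
    use_dns(persist_only);          # resolve only from the hosts file below
    dns_cache(yes);                 # keep resolved entries in memory
    dns_cache_hosts("/etc/hosts");  # one line per remote device: IP  name
    keep_hostname(no);              # derive $HOST from the sender address,
                                    # not from the hostname field the sender
                                    # writes into the message
};

source src { udp(port(514)); };

destination everything {
    file("/NetscreenLogs/$HOST/$HOST.$MONTH-$DAY-$YEAR.log"
         owner(NetscreenLogs)
         group(NetscreenLogs)
         perm(0640)       # posted config used 0777 (world-writable logs)
         dir_perm(0750)); # posted config used 0777
};

log { source(src); destination(everything); };
```

With variant B, a sender that has no entry in the hosts file is logged under its IP address rather than triggering a lookup.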
