[syslog-ng]syslog-ng vs (of all things) Win2k + IIS

Scott McDermott mcdermot@questra.com
Fri, 6 Oct 2000 10:22:39 -0400


Jeffrey W. Baker on Thu  5/10 15:07 -0700:
> You had better make sure that the disk on the destination is faster
> than the sum of the logging rates of all the other hosts, or the
> syslog-ng on the destination machine will start throwing entries away,
> and *then* you'll really be embarrassed :)

Why does syslog-ng "throw messages away?" Shouldn't they be buffered
instead of discarded? Surely memory can keep up.  It is unacceptable for
messages to be thrown away.  You might as well just use UDP and `hope'
all messages arrive.

Syslog-ng could be more efficient still by allocating large chunks of
memory (maybe using obstacks) for each destination and then
batch-writing them (say, when an alarm expires).  I imagine that
syslog-ng spends a lot of time in system calls because it writes each
message individually.