[syslog-ng]HUP'ing syslog-ng causes data loss
UK
uking@us.ibm.com
Wed, 12 Dec 2001 10:40:25 -0600
Greetings,
Trying to see what happens when syslog-ng (Version 1.4.14 on Solaris 8) gets
HUP'ed, as my logrotate scripts will do, while it's receiving UDP data.
Using the stresstes.sh script on another host (which is using the syslog-ng
box as a loghost), a stream of messages will be sent. The while loop was
changed to:
while [ "$i" -lt "1000" ]
After the script ran, a "cat messages | wc -l" was done against the log and
the results would be approx 995 lines (probably because it's UDP). Then I'd
move the file and HUP syslog-ng and retested a few more times. Same results
each time.
Next, while stresstest.sh was running, syslog-ng would be HUP'ed two or
three times. After every test the "cat messages | wc -l" would show between
965 - 975 lines.
My questions: How can I prevent messages from being lost when syslog-ng gets
HUP'ed? Is it due to a config file error? From reading archived logs I found
this wouldn't happen with TCP but I didn't see any information about UDP.
My config file:
------------
options {
sync(0);
create_dirs(yes);
use_fqdn(yes);
keep_hostname(yes);
};
source src {
sun-streams("/dev/log"
door("/etc/.syslog_door"));
udp();
internal();
};
destination d_cisco {
file("/opt/logs/cisco.log"); };
destination d_other {
file("/var/log/syslog-ng/$HOST/messages"
sync(0) create_dirs(yes)); };
destination d_adm {
file("/var/log/syslog-ng/$HOST/sysmsg"
sync(0) create_dirs(yes)); };
filter f_cisco {
facility(local4); };
# stuff that would go into /var/log/messages
filter f_messages {
level(info..warn)
and not facility(auth, auth, mail, news, local4);
};
filter f_daemonlog {
facility(daemon) and
level (info,warn,notice,err,crit,alert,emerg);
};
log { source(src);
filter(f_cisco);
destination(d_cisco); };
log { source(src);
filter(f_messages);
destination(d_other); };
log { source(src);
filter(f_daemonlog);
destination(d_adm); };
------------
Thanks,
UK