[syslog-ng]different message shows up on loghost than on client
Nate Campi
nate@campin.net
Wed, 7 Nov 2001 17:49:00 -0800
I have syslog-ng loghosts in out datacenters that receive messages via
UDP from mostly solaris syslogd. The loghosts in the datacenters then
relay the messages over TCP/stunnel to a central loghost for
archiving/analysis/input into database.
The problem is that a message like this on a solaris 2.6 box:
Nov 7 04:05:45 ballys ctld 5.0.6[22164]: [0] Error: unable to read
header - Status: NoMoreData.
...will arrive (via UDP) on my linux loghost (syslog-ng 1.4.12) like this:
Nov 7 04:05:45 ballys.hotwired.com 5.0.6[22164]: [0] Error: unable to
read header - Status: NoMoreData.
I have no idea why it would cut out the program name (ctld) like that.
Is this a known issue? This is really messing up my log tables, and I'd
like to keep all the data straight in the database. Here's my options
from the linux loghost:
options { use_fqdn(yes); long_hostnames(off); keep_hostname(no);
use_dns(yes); sync(0); };
Plus, when did it become an option to buffer messages with sync? Is is
only the in devel branch? I'd like to set sync(5) or something to take
it easy on the disk.
TIA,
--
Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79
Key fingerprint = BF12 722F 8799 E614 33CC FAB7 5A90 C464 C17A EF79
The only way to convince some people that HTML is about content, not
style is with a 2x4 <PLANK>.