[syslog-ng]using pipe results in lost messages?

[Balazs Scheidler]

On Tue, Apr 23, 2002 at 04:53:10PM -0400, Russo, Ben wrote:
> Hi, this is my first posting to syslog-ng@lists
> Syslog-NG is very nice. This is the future of network wide logging.

The processing within syslog-ng is as follows:

main poll() loop:
	check each destination whether they are writable and flush output queues
	check each source, and fetch messages. Fetched messages are stored in output queues of destinations.
		If output queues are full, a message gets dropped for that destination

This means that there's no flow control of messages. So if the reading end
of your pipe destination is not read fast enough, messages get dropped.

You might rewrite your pipe() program to use perl or python, or even C.

syslog-ng 2 will have the capability of using flow control on its pipes.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1