[syslog-ng] logging pauses and log entry truncation
Dustin Trammell
DTrammell@PENSON.COM
Wed, 14 Aug 2002 09:40:09 -0500
I found out why syslog-ng was doing the pausing... I had accidentally left
two source entries for /proc/kmsg in my syslog-ng.conf file (I was
originally trying to see if using file() vs. pipe() made any difference in
the log entry truncation), so I assume it was a locking issue with both of
them trying to read from the same place. After removing one of them, I
haven't had syslog-ng pause on me once, but I am still getting the log entry
truncation on entries from iptables. It usually truncates on iptables log
entries that have an empty OUT= tag (no out interface), and truncates just
after the OUT= tag and before the MAC= tag, or somewhere halfway through the
MAC address in the MAC= tag. Are you getting the truncation at the same
place on the same types of log entries?
---
Dustin D. Trammell
Information Security Specialist
Penson Financial Services, Inc.
-----Original Message-----
From: Caylan Van Larson [mailto:caylan@cs.und.edu]
Sent: Monday, August 12, 2002 15:54
To: Dustin Trammell
Cc: 'syslog-ng@lists.balabit.hu'
Subject: Re: [syslog-ng]logging pauses and log entry truncation
I am having very similar truncating going on. Bazsi is working on a fix.
However, my logs never paused, maybe for a little bit (5-10 seconds) but
that is probably just net traffic jumps.
Good luck to Bazsi!!!
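
The two symptoms discussed in this thread can be checked for mechanically. The following Python sketch is an added example, not code from the thread or from syslog-ng: it finds paths read by more than one file()/pipe() source driver in a syslog-ng.conf, and flags iptables entries cut off after OUT= or at MAC=. The function names, sample configuration and sample log lines are constructed, and the config parsing assumes source blocks without nested braces and no '#' inside quoted strings.

```python
import re
from collections import defaultdict

# Assumption: source blocks look like  source <name> { driver(...); ... };
SOURCE_BLOCK = re.compile(r'\bsource\s+(\S+)\s*\{(.*?)\}\s*;', re.DOTALL)
READER = re.compile(r'\b(file|pipe)\s*\(\s*"([^"]+)"')

def duplicate_readers(conf_text):
    """Return {path: [(source_name, driver), ...]} for paths read more than once."""
    text = re.sub(r'#.*', '', conf_text)          # drop comments to end of line
    readers = defaultdict(list)
    for name, body in SOURCE_BLOCK.findall(text):  # destination file() is ignored
        for driver, path in READER.findall(body):
            readers[path].append((name, driver))
    return {p: r for p, r in readers.items() if len(r) > 1}

def truncation_point(line):
    """None if the line is complete or not an iptables entry, else where it was cut."""
    if 'IN=' not in line or 'OUT=' not in line:
        return None
    if all(tag in line for tag in ('SRC=', 'DST=', 'PROTO=')):
        return None
    return 'at or after MAC=' if 'MAC=' in line else 'after OUT='

# Constructed sample configuration with the duplicated /proc/kmsg reader.
SAMPLE_CONF = '''
source kernel { file("/proc/kmsg"); };
source kern2  { pipe("/proc/kmsg"); };   # left over from testing
source local  { unix-stream("/dev/log"); internal(); };
destination messages { file("/var/log/messages"); };
'''

# Constructed sample log lines: one complete, two truncated.
PREFIX = 'Aug 14 09:12:01 fw kernel: DROP IN=eth0 OUT= '
SAMPLE_LOG = [
    PREFIX + 'MAC=00:01:02:03:04:05:00:0a:0b:0c:0d:0e:08:00 SRC=192.0.2.10 '
             'DST=192.0.2.1 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=1025 DPT=22',
    PREFIX,
    PREFIX + 'MAC=00:01:02:03:04',
]

if __name__ == '__main__':
    for path, used_by in duplicate_readers(SAMPLE_CONF).items():
        print(f'{path} is read by more than one source: {used_by}')
    for entry in SAMPLE_LOG:
        where = truncation_point(entry)
        if where:
            print(f'truncated {where}: {entry!r}')
```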