[syslog-ng]lost logs when using syslog-ng on Linux due to /dev/log reopen

Balazs Scheidler bazsi@balabit.hu
Tue, 28 May 2002 12:24:44 +0200


On Tue, May 28, 2002 at 12:50:04PM +0400, Borsenkow Andrej wrote:
> I am using syslog-ng on Mandrake (8.2 and post-8.2), glibc-2.2.5.
> 
> Unfortunately, it tends to lose logs. As far as I can tell it is related to
> the fact that syslog-ng recreates /dev/log on HUP. It means that every
> program that has opened syslog connection won't be able to write to /dev/log
> anymore.
> 
> The sad thing is, this is _not_ limited to klogd (that has the same problem)
> but to every other program (I had very bad case of socks server losing some
> info used for accounting :( It happens to every program (daemon) that does
> openlog() only once on startup.
> 
> Which makes drop in replacement for syslog simply impossible :(

Use unix-stream() source instead of unix-dgram(), and don't use klogd.

libc correctly uses both /dev/log devices, and programs which use openlog()
work.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1