[syslog-ng] lost messages when logging to a database

harald schmidt harald12schmidt@gmx.de
Wed, 2 Oct 2002 10:48:56 +0200 (MEST)


Hi,

I am using syslog-ng on a loghost with a MySQL database.
Everything seems to work fine. But when I compare the number of messages
which are logged to the SQL database and which are logged to a file, I recognize
that some messages are lost in the MySQL database. Could it be that sys-ng
is too fast for the pipe which goes to MySQL? I'm using syslog-ng v1.5.21 on a
PIII-1000, 512MB, SCSI-Raid1, SuSE 7.3; my config is like that:

source s_kernel { pipe("/proc/kmsg"); internal(); };
source s_stream { unix-stream("/dev/log"); internal(); };
source sn_udp { udp(); };

destination df_all_messages {
    file("/var/log/all_messages-$YEAR$MONTH$DAY");
};
destination dq_mysql_all_messages {
    pipe("/var/pipes/mysql.fifo"
        template("INSERT INTO all_messages_$YEAR$MONTH (host, facility, priority, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};

log { source(s_stream); source(s_kernel); source(sn_udp);
      destination(df_all_messages); };
log { source(s_stream); source(s_kernel); source(sn_udp);
      destination(dq_mysql_all_messages); };


The script that reads from the pipe is like that:

#!/bin/sh
datum=$(date +%Y%m)
if [ -e /var/pipes/mysql.fifo ]; then
while [ -e /var/pipes/mysql.fifo ]
do
    mysql syslog_$datum < /var/pipes/mysql.fifo 
done
else
    mkfifo /var/pipes/mysql.fifo
fi


I thought my problem with the lost messages would be fixed after the update
from 1.5.19 to 1.5.21. 
In one second there were 43 messages logged to the file, but only 24 to
mysql. Could it be that the pipe is too "thin" to fit 43 messages per second? 

Thanks for any help in advance.
Harald

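
Added example, not part of the original post: a reader loop for the FIFO above that hands each statement to the client separately and spools every statement the client rejects, so a count mismatch between the file and the database can be traced to concrete rows. It assumes one INSERT per line (as the template's trailing \n produces); drain_statements, fake_mysql, the shortened column list and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions (not from the post): every statement is exactly
# one line, and the consumer command reads one statement on stdin and exits
# non-zero when it fails (the mysql client does this in batch mode).

# drain_statements INPUT SPOOL CONSUMER [ARGS...]
# Reads INPUT until end of file and prints "ok=<n> failed=<m>".
drain_statements() {
    input=$1; spool=$2; shift 2
    ok=0; failed=0
    # read -r keeps the backslashes that template-escape(yes) put in front of
    # quotes; without -r the shell would strip them and break the SQL quoting.
    while IFS= read -r stmt; do
        [ -n "$stmt" ] || continue
        if printf '%s\n' "$stmt" | "$@" >/dev/null 2>&1; then
            ok=$((ok + 1))
        else
            # Keep the rejected statement for inspection and replay.
            printf '%s\n' "$stmt" >> "$spool"
            failed=$((failed + 1))
        fi
    done < "$input"
    echo "ok=$ok failed=$failed"
}

# Constructed stand-in for the mysql client: rejects statements for a table
# that does not exist in this demo, accepts everything else.
fake_mysql() { ! grep -q 'all_messages_200211'; }

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample input in the shape of the template from the post.
    cat > "$dir/in.sql" <<'EOF'
INSERT INTO all_messages_200210 (host, msg) VALUES ('web1', 'session opened');
INSERT INTO all_messages_200211 (host, msg) VALUES ('web1', 'month rollover');
INSERT INTO all_messages_200210 (host, msg) VALUES ('db1', 'it\'s escaped');
EOF
    drain_statements "$dir/in.sql" "$dir/failed.sql" fake_mysql
    echo "spooled=$(wc -l < "$dir/failed.sql" | tr -d ' ')"
    rm -rf "$dir"
}

# Real use would look like this (spool path is a placeholder):
#   drain_statements /var/pipes/mysql.fifo /path/to/failed.sql mysql syslog_200210
demo
```

Starting one client process per statement trades throughput for isolation: a rejected row costs only itself instead of ending the whole session.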