[syslog-ng]Over zealous syslog-ng problem

[Balazs Scheidler]

On Tue, Dec 31, 2002 at 03:11:45PM -0500, Aaron Jackson wrote:
> Ben Russo wrote:
>
> My perl script does the same thing.  It basically sits asleep and checks 
> every few seconds to see if something has been written to the pipe.  If 
> so, it reads 1 line at a time until nothing else is there and then goes 
> back to sleep.  The pipe entries are also preformatted sql statements.  
> What is strange to me is that the sending machine seems to have no 
> problems writting 16 million entries to disk and the receiving machine 
> has the same syslog-ng binary and, for the most part, the same 
> syslog-ng.conf file.  So either the messages are getting lost in 
> transport, or the perl sql inserts are not blocking and they happen too 
> fast for mysql to deal with.  To me, the latter is more troubling.  
> Either way, my setup needs to be refined.

I think they are lost during transit. UDP is especially lossy on bursts.

syslog-ng has no 'last message repepated NNN times' feature, and though it
could be implemented, it clearly clobbers messages, especially when multiple
hosts generate repetition messages.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1