[syslog-ng]syslog-ng down message lost

Balazs Scheidler syslog-ng@lists.balabit.hu
Tue, 17 Jun 2003 17:29:56 +0200 

On Tue, Jun 17, 2003 at 12:12:54PM +0200, Szalai Ferenc wrote:
> Hello,
> 
> I know that there was some discussion the message lost - using syslog-ng
> with TCP - in this list but they wasn't clear me.
> 
> The syslog-ng version is 1.6.0rc3.
> 
> So the log chain is a following:
> client->server1->server2
> 
> The client important config lines:
> source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream
> ("/dev/log"); internal(); };
> destination grid_d { tcp("<ip>" port(20000)); };
> filter grid_f        { program(syslog-ng) or program(condor); };
> log { source(s_sys); filter(grid_f); destination(grid_d); };
> 
> The server1 inportant config lines:
> 
> source grid_s { tcp(ip(<ip>) port(20000) keep-alive(yes) max_connections
> (100)); };
> destination grid_to_entry { tcp("<ip>" port(20000)); };
> log { source(grid_s); destination(grid_to_entry); };
> 
> The server2 important config lines:
> source grid_s { tcp(ip(<ip>) port(20000) keep-alive(yes)
> max_connections(30)); };
> 
> destination grid_all { file("/var/log/HOSTS/$YEAR/$MONTH/$DAY/all.log"
> owner(root) group(root) perm(0600) dir_perm(0700) 
> create_dirs(yes) );
> };
> 
> log { source(grid_s); destination(grid_all); };
> 
> The global options are everyvere:
> options { sync (0);
>           time_reopen (10);
>           log_fifo_size (1000);
>           long_hostnames (on);
>           use_dns (no);
>           use_fqdn (on);
>           create_dirs (no);
>           keep_hostname (yes);
>           stats(3600);        
>         };
> 
> The problem is that sometimes the syslog-ng down message is missing on
> server2 log file. What is the main reason of this in this case or what
> modification is required to solve this problem?
> I hope I was clear.

The reason for the missing last message is caused by the nonblocking nature
of syslog-ng. When a SIGTERM is received the main loop is exited after one
second.

If this time is not enough to flush all buffers, then messages still in the
output buffers will be lost.

This 1 second time amount cannot be controlled via the configuration file,
if this proves to be the reason I might add a global option though.

Please update your main.c file and increase the timeout:


                if (sigtermrecvd) {
                        static struct callback wakeup = 
                                { STATIC_HEADER, do_flush_wakeup };
                        
                        notice("syslog-ng version %z going down\n", VERSION);
                        exit_main_loop = 1;
                        io_callout(&backend->super, 1, &wakeup);
                }
						   ^^^^ This is the number that needs to be increased.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1