[syslog-ng]STATS: dropped 644 ?
Matthias Keller
syslog-ng@lists.balabit.hu
Sun, 26 Dec 2004 00:09:02 +0100
Hi
I'm using syslog-ng for quite a while now and finally want to resolve
this problem (I suppose)...
I pretty much daily get a whole bunch of dropped messages...
It's not always at the same times but always for several hours!
I'm logging the stats hourly so usually for about 8h a day I get drops
in the hundreds....?
I guess this isn't normal and shouldn't be as my system isn't really
busy at all...
As options I'm using:
options {
long_hostnames(off);
sync(5); # How many lines have to be queued until a disc
synch is done. use 0 for immediate
stats(3600);
log_fifo_size(8192);
log_msg_size(1024);
time_reopen(10);
};
Since there are a lot of apps running on the system I dont go for a
'Application X gets localZ' approach but instead I'm filtering by
application name
One example entry would be:
filter f_dhcpd { program("dhcpd"); };
destination dhcpd { file("/var/log/dhcpd.log"); };
log { source(src); filter(f_dhcpd); destination(dhcpd); flags(final); };
I dont know if that flags(final) does some harm as I haven't seen that
much in the wild but I dont want any further rule care about dhcpd-logs
so I want to stop matched entries there...
I have about 10 such entries...
I also have a catchall in the end:
destination other { file("/var/log/other"); };
log { source(src); destination(other); };
which doesn't really catch anything at all because the messages before
already catches pretty much everything
I can give you the whole config if you like
So I'm hoping you could give me some good advices on how to track down
my problem?
Thanks!!
Matt