[syslog-ng] Reliable tcp logging
Peter Daum
gator_ml at yahoo.de
Wed May 11 13:32:16 CEST 2005
I am trying to send all important messages from a bunch of
other machines to a central syslog-ng server via tcp. I chose
tcp partly, because the same log server gets all kinds of less
important stuff via udp from other machines, which can easily
be distinguished that way, but partially also because I expected
tcp to be more reliable. Unfortunately, this does not seem to be
the case: When the connection has died for any reason, the client
will only discover this when it is trying to send the next message
to the server. Only then it starts to wait until "time_reopen" is
over and establishes a new connection - the message that originally
triggered this and whatever comes in between is lost.
Is there any way to get syslog-ng (v 1.6.5) to check more often
whether a tcp connection to a log host still exists and re-establish
it otherwise? I did not see any reference to this in the documentation,
but this seems to happen every 2 hours.
Setting "tcp-keep-alive(yes)" does not seem to make it any better.
I also discovered that version 1.6.7 has a new option "log_fifo_size"
which sounded promising but setting this to a higher value also does
not seem to have any influence on this issue.
Regards,
Peter Daum
More information about the syslog-ng
mailing list