[syslog-ng] Re: Reliable tcp logging
Balazs Scheidler
bazsi at balabit.hu
Thu May 12 11:36:34 CEST 2005
On Thu, 2005-05-12 at 10:48 +0200, Peter Daum wrote:
> Roberto Nibali wrote:
> >> Well, yes, it is exactly the same issue and it is indeed only one line
> >> that gets lost (which in my case, where typically every host sends about
> >> 1 line/hour does not really make a difference).
> >
> >
> > You mean 1 line/hour that is lost, right?
>
> I guess, my description was ambiguous.
> My problem is _not_ excessive packet loss because syslog-ng couldn't handle
> the volume but really just the contrary: Per host there is typically maybe
> than one line/hour and if that line gets lost, this is a significant
> percentage.
Please note that a single message is dropped whenever the TCP connection
is closed. syslog-ng never closes that by default, only when restarted
or when reloaded when keep-alive() is no. (it is no by default for TCP
sockets)
You can work around this by enabling keep-alive (then HUP is a
non-issue) and maybe send periodical keep-alive messages that will
trigger reconnections when the central server is indeed restarted.
>
> I guess, for me currently the best option would be to switch to udp
> instead (maybe on a different port to keep the important stuff separate
> from printers telling about being out of paper), or get really daring
> and try 1.9.x ...
Although some lab testing would be very welcome, I'd not suggest using
it in production environment.
By the way, are there anyone on this list using syslog-ng 1.9.x in
either production or non-production environments? Feedback was very
limited until now.
--
Bazsi
More information about the syslog-ng
mailing list