[syslog-ng] remote logging not reliable

Nate Campi nate at campin.net
Thu Mar 2 21:41:54 CET 2006

On Tue, Feb 28, 2006 at 11:09:43AM -0800, stucky wrote:
> guys
> I've been pulling my hair out here. I gonna go insane....
> Here's the story.
> I first setup syslog-ng-1.6.6 for remote syslogging a year ago.
> I seemed to work out great  - all my stuff appeared to be logged remotely
> and everything was dandy.
> Then I decided to come up with some sort of check that would tell me if a
> machine was not logging remotely anymore
> cause of network problems or whatever. 

I'm thinking that since you use TCP that perhaps the messages only come
through once in a while, and since the first message sent when a TCP
connection comes up used to be lost (might still be, but I remember
Bazsi coming up with a workaround/fix at some point) then you might
actually lose messages the way you report.

Either try using UDP for a short while or try tcp-keep-alive() to keep
the connection up. Also review the changelogs to see if a newer version
fixes this behavior (probably a good idea to upgrade anyways).


He may look like an idiot and talk like an idiot but don't let that fool
you. He really is an idiot. - Groucho Marx

More information about the syslog-ng mailing list