[syslog-ng] Re: question regarding program name logs
Justin Randall
jrandall at comwave.net
Wed Sep 27 16:06:53 CEST 2006
Hi and thanks for the response.
This is actually relating to UDP logging. I have devices sending Syslog
messages via UDP to a central Syslog-NG server.
Usually the devices log messages to Syslog-NG via UDP in bursts (about
20-25 messages within a couple seconds).
The source, filter, destination, log statements for the handling are as
follows:
source src_udp {
    udp(
        ip(IPADDRESS)
        port(PORT)
    );
};
filter fltr_PROGRAM {
    program("PROGRAM") or match("PROGRAM");
};
destination dst_PROGRAM {
    file(
        "/var/log/PROGRAM/messages"
        owner(root)
        group(tomcat)
        perm(0640)
    );
};
log {
    source(src_udp); source(src_tcp);
    destination(dst_remote_system);
    flags(final, flow-control);
};
What ends up happening when a host falls into this flow is that the first
log message is missed. The format of the bursts of messages is exactly the
same. This did not happen in 2.0rc2; I have downgraded and verified
this.
Let me know if there's any other info I can provide that would help out.
Regards,
Justin.
-----Original Message-----
From: G.W. Haywood [mailto:ged at jubileegroup.co.uk]
Sent: Wednesday, September 27, 2006 7:42 AM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Re: question regarding program name logs
Hi there,
On Wed, 27 Sep 2006 Justin Randall wrote:
> Can anyone confirm if the patch that was to fix this issue was included
> in 2.0rc3?
Yes, it was.
Note that it only affects logging via UDP.
--
73,
Ged.
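
Added example, not part of the original thread and not syslog-ng code: a way to check for the symptom reported above (first message of a UDP burst missing) by sending a numbered burst and listing which sequence numbers never reached the destination file. The "burst=... seq=n/count" payload, the host name "testhost", the run id and the sample log lines are assumptions constructed for the illustration; PROGRAM is the placeholder used in the posted configuration.

```python
import re
import socket
import time

PRI = 13  # facility user (1) * 8 + severity notice (5)


def build_burst(program, count, host="testhost", run_id="run1"):
    """Build BSD-syslog style datagrams, each tagged with a run id and sequence number."""
    t = time.localtime()
    # RFC 3164 timestamps pad the day of month with a space, not a zero.
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return [
        f"<{PRI}>{stamp} {host} {program}: burst={run_id} seq={n}/{count}".encode()
        for n in range(1, count + 1)
    ]


def send_burst(datagrams, addr, gap=0.05):
    """Send the datagrams to addr=(ip, port) over UDP, roughly 20 per second by default."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in datagrams:
            sock.sendto(datagram, addr)
            time.sleep(gap)


def missing_seqs(log_lines, run_id, count):
    """Return the sequence numbers of run_id that do not appear in log_lines."""
    pattern = re.compile(rf"burst={re.escape(run_id)} seq=(\d+)/\d+")
    seen = {int(m.group(1)) for m in map(pattern.search, log_lines) if m}
    return sorted(set(range(1, count + 1)) - seen)


# Constructed sample of a destination file showing the reported symptom:
# a burst of five was sent, but the line for seq=1 is absent.
SAMPLE_LOG = [
    "Sep 27 16:06:51 testhost PROGRAM: burst=run1 seq=2/5",
    "Sep 27 16:06:51 testhost PROGRAM: burst=run1 seq=3/5",
    "Sep 27 16:06:52 testhost PROGRAM: burst=run1 seq=4/5",
    "Sep 27 16:06:52 testhost PROGRAM: burst=run1 seq=5/5",
]

if __name__ == "__main__":
    print("missing from sample:", missing_seqs(SAMPLE_LOG, "run1", 5))
```

Against a live server, call send_burst(build_burst("PROGRAM", 25), (ip, port)) with the listener's address, then pass the lines of the destination file to missing_seqs with the same run id and count.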