[syslog-ng] Re: question regarding program name logs

Justin Randall jrandall at comwave.net
Wed Sep 27 23:23:48 CEST 2006 

Is it maybe possible that this is a new issue not related to the initial
one outlined in this thread?

It occurred to me that the messages that are "disappearing" are clearly
not behaving in the same way as in 2.0rc1, where they simply went to the
wrong place because of an angle bracket tag with digits inside.

In this case it simply seems like the first message in a burst of UDP
messages is being completely lost.  Since I've downgraded back to
2.0rc2, the problem no longer exists.

Anything else I can do to help?

Regards,

Justin.

-----Original Message-----
From: Justin Randall 
Sent: Wednesday, September 27, 2006 10:10 AM
To: Syslog-ng users' and developers' mailing list
Subject: RE: [syslog-ng] Re: question regarding program name logs

Sorry I pasted the wrong "log" statement, here it is:

log {
  source(src_udp); source(src_tcp);
  filter(fltr_PROGRAM);
  destination(dst_ PROGRAM);
  flags(final, flow-control);
};

-----Original Message-----
From: Justin Randall 
Sent: Wednesday, September 27, 2006 10:07 AM
To: Syslog-ng users' and developers' mailing list
Subject: RE: [syslog-ng] Re: question regarding program name logs

Hi and thanks for the response.

This is actually relating to UDP logging.  I have devices sending Syslog
messages via UDP to a central Syslog-NG server.

Usually the devices log messages to Syslog-NG via UDP in bursts (about
20-25 message within a couple seconds).

The source, filter, destination, log statements for the handling are as
follows:


source src_udp {
  udp(
    ip(IPADDRESS)
    port(PORT)
  );
};

filter fltr_PROGRAM {
  program("PROGRAM") or match("PROGRAM");
};

destination dst_PROGRAM {
  file(
    "/var/log/PROGRAM/messages"
    owner(root)
    group(tomcat)
    perm(0640)
  );
};

log {
  source(src_udp); source(src_tcp);
  destination(dst_remote_system);
  flags(final, flow-control);
};


What ends up happening when a host falls into this flow, the first log
message is missed.  The format of the bursts of messages are exactly the
same.  This did not happen in 2.0rc2, I have downgraded and verified
this.

Let me know if there's any other info I can provide that would help out.

Regards,

Justin.

-----Original Message-----
From: G.W. Haywood [mailto:ged at jubileegroup.co.uk] 
Sent: Wednesday, September 27, 2006 7:42 AM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Re: question regarding program name logs

Hi there,

On Wed, 27 Sep 2006 Justin Randall wrote:

> Can anyone confirm if the patch that was to fix this issue was
included
> in 2.0rc3?

Yes, it was.

Note that it only affects logging via UDP.

--

73,
Ged.
_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list