[syslog-ng] Log daemon for high volume of logs

[Bryan Henderson]

>My troubles didn't go away
>until I deployed syslog-ng everywhere and used TCP for all syslog
>traffic (from UNIX hosts anyways).

It's important to understand just how TCP addresses the problem.  It's
a problem of servers logging more than the network can handle; UDP
addresses it by discarding log messages; TCP addresses it by slowing
down the servers creating them.  For many servers, logging is supposed
to be transparent; it's not a central enough activity to have it pace
the server's real work.

Besides the pacing, there's also a difference in reliability.  If the
syslog server hangs, a UDP-based logger will stop logging and go on
with life.  A TPC-based one will hang with it.

-- 
Bryan Henderson                                   San Jose, California