[syslog-ng] One destination stopped logging?

Hari Sekhon hpsekhon at googlemail.com
Mon Jul 2 12:11:12 CEST 2007


Hi,

I've got syslog-ng on my mail server and today I noticed while trying to 
debug something else that there was nothing in the maillog. I thought 
this was very odd as there should be lots of stuff, so I checked 
syslog-ng was running. It was but I decided to restart it and then the 
maillog started to fill up again.

Now it's been several days since it's written anything to the mail log, 
but it has continued writing to the /var/log/messages destination during 
that time.

Here is my config:

options {
    chain_hostnames(off);
    sync(0);
    stats(43200);
    log_fifo_size(30000);
};
source src { unix-stream("/dev/log" max-connections(1000)); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
destination d_net { tcp("ip_to_logserver" port(logserver_port) ); };
destination maillog { file("/var/log/maillog"); };
destination mailerr { file("/var/log/mail.err"); };
filter f_mail { facility(mail); };
filter f_mailerr { facility(mail) and level(err); };
filter f_notmailjunk { not (program("postfix/*") and not level(err)); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_mailerr); destination(mailerr); };
log { source(src); filter(f_notmailjunk); destination(messages); destination(d_net); };


Possible idea: My logserver was flooded as I was doing something else on 
it and it's likely that logs didn't get through (I know, I know - I 
wanted a separate machine for this of course but my boss holds the 
money...). Is it possible that the logger filled up locally backlogged 
messages for the logserver and this caused logs to be lost for the other 
destination maillog as syslog-ng was full or something?

Does this sound like it or not at all?

I am using syslog-ng 1.6.11 by the way.

Thanks

Hari

-- 
Hari Sekhon
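
A staleness check for the symptom described in the post above, as an added example that is not part of the original message or of syslog-ng: it extracts the file() destinations from a syslog-ng config and reports those whose log file has not been modified within a per-destination limit. The function names, the regex-based parsing, the `root` parameter and the one-hour thresholds are assumptions made for illustration.

```python
import os
import re
import time

# Destination lines copied from the config in the post above.
SAMPLE_CONFIG = '''
destination messages { file("/var/log/messages"); };
destination d_net { tcp("ip_to_logserver" port(logserver_port) ); };
destination maillog { file("/var/log/maillog"); };
destination mailerr { file("/var/log/mail.err"); };
'''

# Matches: destination NAME { file("PATH" ...
DEST_RE = re.compile(r'destination\s+(\w+)\s*\{\s*file\(\s*"([^"]+)"')


def file_destinations(config_text):
    """Map destination name -> path for file() destinations only."""
    return dict(DEST_RE.findall(config_text))


def stale_destinations(config_text, max_age, now=None, root=""):
    """Return [(name, path, age_seconds)] for destinations listed in
    max_age (name -> seconds) whose file is older than allowed.
    age_seconds is None when the file does not exist.
    root is prepended to each path (assumption: lets tests use a temp dir).
    """
    now = time.time() if now is None else now
    paths = file_destinations(config_text)
    stale = []
    for name in sorted(max_age):
        path = paths.get(name)
        if path is None:
            continue  # not a file() destination in this config
        try:
            age = now - os.stat(root + path).st_mtime
        except FileNotFoundError:
            stale.append((name, path, None))
            continue
        if age > max_age[name]:
            stale.append((name, path, age))
    return stale


if __name__ == "__main__":
    # Constructed thresholds: busy logs must change hourly; mail.err is
    # left out because an error-only log can be quiet for days.
    limits = {"messages": 3600, "maillog": 3600}
    for name, path, age in stale_destinations(SAMPLE_CONFIG, limits):
        print(f"STALE {name} {path} age={age}")
```

Run from cron or a monitoring agent, a check like this turns a destination that silently stops being written into an alert within the threshold instead of a gap found days later.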


