[syslog-ng] log messages lost
Luigi Augello
luigi.augello at unipa.it
Thu Mar 8 11:29:25 CET 2007
hello
I use syslog-ng and it sends log in a local Mysql database via pipe and I have
this syslog.conf
options { flush_lines(0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (yes);
dns_cache(yes);
dns_cache_size(2000);
use_fqdn (yes);
create_dirs (no);
keep_hostname (yes);
time_reopen (10);
};
source src { unix-stream("/dev/log"); internal(); };
source src_firewall { file ("/proc/kmsg" log_prefix("firewall: ")); };
filter firewal_filter { match("REJECT"); };
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
template-escape(yes));
};
log { source(src); destination(d_mysql); };
log { source(src_firewall); destination(d_mysql); };
sometimes in the database i found this msg record
syslog-ng[6130]: Log statistics; dropped='pipe(/tmp/mysql.pipe)=0',
processed='center(queued)=57298', processed='center(received)=57298',
processed='destination(d_mysql)=57298',
processed='source(src_firewall)=51537', processed='source(src)=5761'
I assume that this message advises that some logs are lost. I register the
messages only local and that messages that i register include firewall's
messages. It is possible solve this problem, which configuration I could use
to solve this problem?
tanks a lot
Luigi
More information about the syslog-ng
mailing list