[syslog-ng] syslog-ng does not resume log when disk is full at
Alexander Clouter
ac56 at soas.ac.uk
Thu Feb 21 16:15:23 CET 2008
Hi,
Andrej Lobovski <drejc83 at hotmail.com> [20080221 15:59:45 +0100]:
>
> [snipped howto compile .deb for Debian]
>
> I still have to find/make solution for the problem as I mustn't kill syslog-ng.
>
> Any help will do :).
>
Sorry to be horribly brutal but surely time would be better spent on fixing
the problem rather than helping at the recovery phase. The fact that
syslog-ng is not able to dump data is a non-issue (the way I see it) when
free space is created...the issue is that you have run out of space in the
first place.

The damage is *not* that syslog-ng will not gracefully recover, the real
problem is that you just lost the previous night's logs as someone cunningly
DoS'ed your syslog-ng server to fill up its hard disk before they commenced
an attack on your network!

Your solution:
1. 'rotate' your logs and compress and delete as need be. I have attached
what I do below
2. spend the five minutes it would take you to write a script that monitors
disk utilisation and lvextend/xfs_growfs as need be. Get it to
automatically email you every time it does this too

The solution is trivial; waiting for Balazs to fix a bug where fundamentally
the issue is with your administrator is not the Right Way(tm) to deal with
it.

Sorry to sound harsh, but to me this is a no-brainer.

Cheers
Alex
============
logging0:/home/ac56# cat /etc/cron.d/logging-remote-chores
# m h dom mon dow user command
# delete old logs, we keep for half a year
15 2 * * * root cd /var/log/remote/ && find . -type f -mtime +183 -exec rm '{}' \;
# bzip up any logs more than a day old
15 3 * * * root cd /var/log/remote/ && find . -type f -mtime +0 ! -name '*.bz2' -exec nice -n 10 bzip2 -9 '{}' \;
============
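
A sketch of the monitoring script described in step 2 of the message above, added here as an example; it is not part of the original post. The logical volume path, threshold, growth step and mail recipient are assumptions, and the df sample is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: mount point,
# LV path, threshold, growth step and mail recipient below.
MOUNT=${MOUNT:-/var/log/remote}
LV=${LV:-/dev/vg0/remote}          # hypothetical logical volume
THRESHOLD=${THRESHOLD:-80}         # grow at or above this Use%
STEP=${STEP:-+5G}                  # lvextend -L increment
MAILTO=${MAILTO:-root}

# Constructed `df -P` output, used only by the "selftest" mode.
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/mapper/vg0-remote 104857600 94371840 10485760 90% /var/log/remote'

# Read `df -P` output on stdin; print Use% of the data line as an integer.
used_pct() { awk 'NR == 2 { sub(/%/, "", $5); print $5 }'; }

# True when usage ($1) is a number at or above the threshold ($2).
needs_grow() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# Extend the LV, grow XFS online, and always mail the outcome.
grow_and_notify() {
    if lvextend -L "$STEP" "$LV" && xfs_growfs "$MOUNT"; then
        subject="$MOUNT grown by $STEP (was $1% full)"
    else
        subject="FAILED to grow $MOUNT ($1% full)"
    fi
    df -P "$MOUNT" | mail -s "$subject" "$MAILTO"
}

case ${1:-} in
run)                                # from cron: check the real volume
    pct=$(df -P "$MOUNT" | used_pct)
    if needs_grow "$pct" "$THRESHOLD"; then grow_and_notify "$pct"; fi ;;
selftest)                           # parse the constructed sample only
    pct=$(printf '%s\n' "$SAMPLE_DF" | used_pct)
    needs_grow "$pct" "$THRESHOLD" && echo "would grow at $pct%" ;;
esac
```

Called with `run` from a cron entry it checks the real volume; `selftest` only parses the embedded sample and touches nothing.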