[syslog-ng] syslog-ng and log4j
Balazs Scheidler
bazsi at balabit.hu
Mon Mar 10 14:05:33 CET 2008
On Mon, 2008-03-10 at 12:33 +0000, Sigurður Bjarnason wrote:
> Well,
>
> The log4j client is sending to the local client and that client is sending to the central server.. however... I am seeing drop in logs :(
>
> options { create_dirs(yes);
> dir_perm(0755);
> dir_owner(root);
> dir_group(root);
> perm(0600);
> owner(root);
> group(root);
> chain_hostnames(no);
> keep_hostname(yes);
> stats(900);
> use_time_recvd(yes);
> time_reopen(5); };
>
> source local {
> pipe("/proc/kmsg");
> unix-stream("/dev/log");
> internal();
> udp(port(514));
> tcp(port(514) keep-alive(yes) max-connections(5)); };
>
>
> ## send everything to loghost too in case of 2x syslog servers
> destination syslog-server-1 { tcp("192.168.1.150" port(514));};
> destination syslog-server-2 { tcp("192.168.1.151" port(514));};
> log { source(local); destination(syslog-server-1);destination(syslog-server-2);};
>
>
> this is my local syslog-ng client config, if I take the udp port part out.. no logs arrive from log4j.
if log4j can only use UDP, then increase the receive buffer of syslog-ng
(so_rcvbuf option, and /proc/sys/net/core/rmem_max setting on Linux)
--
Bazsi
More information about the syslog-ng
mailing list