[syslog-ng] syslog-ng client messages delayed
mark peters
markp777jp at yahoo.co.jp
Thu Mar 27 15:19:38 CET 2008
Hi,
We are running into a issue where syslog-ng clients who
are configured to forward to a central syslog-ng
destination server that are reasonably chatty are getting
there messages delayed at the source (ie. 'tcpdump'ing the
client shows it is sending messages from N minutes ago,
where N is anything from 5 to 60 minutes on average
sometimes more). We have also seen a small percentage of
loss at the destination.
On these 'delayed' clients we also see the resident memory
footprint on the growing. Clients are running 1.6.12 (have
tried 2.0.8 also - same symptons). The central syslog-ng
server is running 2.0.8.
relevant config entries are:
syslog-ng client:
options { sync (1);
time_reopen (10);
log_fifo_size (2097152);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
destination d_central { tcp("log2.xyz.com" port(5140)); };
filter f_local5 { facility(local5); };
log { source(s_sys); filter(f_local5);
destination(d_central); flags(final); };
syslog-ng central server:
options { time_reopen (10);
log_fifo_size (2097152);
long_hostnames (off);
use_dns (yes);
dns_cache (yes);
dns_cache_expire (28800);
use_fqdn (no);
create_dirs (yes);
dir_perm (0755);
perm (0644);
keep_hostname (no);
use_time_recvd (no);
stats_freq(600);
flush_timeout(16000);
flush_lines(256);
time_sleep(80);
};
destination d_server { file("/logs/server.$LEVEL.log"); };
filter f_server { facility(local5) and program("server");
};
log { source(s_sys); filter(f_server);
destination(d_server); flags(final); };
to give a rough idea of message volume the server is
receiving approximately 50 million log lines per day on
average
any help/information would be appreciated
thanks
--------------------------------------
Easy + Joy + Powerful = Yahoo! Bookmarks x Toolbar
http://pr.mail.yahoo.co.jp/toolbar/
More information about the syslog-ng
mailing list