[syslog-ng] syslog-ng client messages delayed

Evan Rempel erempel at uvic.ca
Thu Mar 27 17:08:13 CET 2008


mark peters wrote:
> Hi,
> 
> We are running into an issue where syslog-ng clients who
> are configured to forward to a central syslog-ng
> destination server that are reasonably chatty are getting
> their messages delayed at the source (i.e. 'tcpdump'ing the
> client shows it is sending messages from N minutes ago,
> where N is anything from 5 to 60 minutes on average
> sometimes more). We have also seen a small percentage of
> loss at the destination.

Some applications syslog with an incorrect time.
We are currently working with sendmail logging some messages exactly 1 hour old.
They log it at the correct time, but with an hour-old timestamp.

We saw OpenSSH log with a time of 7 hours in the future (I think it logged UTC native
time rather than our time zone).

If you can, try to associate the "wrong time" messages with a process ID or something
that you can confirm is logging the messages at the correct time. By ignoring the
time on the syslog messages, you can see that the chronology of the messages is correct,
then you can deduce that the application is logging the wrong time.


Evan Rempel
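
Added example, not part of the original post: one way to run the check described above, grouping messages by host and process ID and comparing each message's own timestamp with the time the central server received it. It assumes the server writes both times on every line (syslog-ng exposes them as the `R_ISODATE` and `S_ISODATE` macros); the tab-separated layout, the sample lines and the 5-second tolerance are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: receive time, sender timestamp, host, program[pid], message
SAMPLE = """\
2008-03-27T09:00:01\t2008-03-27T08:00:01\tmx1\tsendmail[4121]\tm2RG01: from=<a@example.org>
2008-03-27T09:00:02\t2008-03-27T09:00:02\tmx1\tcron[880]\t(root) CMD (run-parts)
2008-03-27T09:00:05\t2008-03-27T08:00:05\tmx1\tsendmail[4121]\tm2RG01: to=<b@example.org>
2008-03-27T09:00:07\t2008-03-27T16:00:07\tmx1\tsshd[2210]\tAccepted publickey for ops
2008-03-27T09:00:09\t2008-03-27T09:00:08\tmx1\tcron[880]\t(root) CMD (logrotate)
2008-03-27T09:00:11\t2008-03-27T16:00:11\tmx1\tsshd[2210]\tsession opened for user ops
2008-03-27T09:00:40\t2008-03-27T08:47:12\tweb3\thttpd[991]\tGET /index.html
2008-03-27T09:00:41\t2008-03-27T08:52:30\tweb3\thttpd[991]\tGET /status
"""

TOLERANCE = 5  # seconds of jitter treated as "same time" (assumed threshold)

def parse(text):
    """Yield ((host, program[pid]), sender_time - receive_time in seconds)."""
    for line in text.splitlines():
        recv, sent, host, tag, _msg = line.split("\t", 4)
        delta = datetime.fromisoformat(sent) - datetime.fromisoformat(recv)
        yield (host, tag), delta.total_seconds()

def classify(text):
    """Return {(host, tag): (verdict, median offset in seconds)}."""
    offsets = defaultdict(list)
    for source, offset in parse(text):
        offsets[source].append(offset)
    report = {}
    for source, values in offsets.items():
        mid, spread = median(values), max(values) - min(values)
        if abs(mid) <= TOLERANCE and spread <= TOLERANCE:
            verdict = "ok"
        elif spread <= TOLERANCE:
            verdict = "constant-offset"  # fixed skew: application clock or time zone
        else:
            verdict = "variable-lag"     # offset varies: consistent with queuing delay
        report[source] = (verdict, int(mid))
    return report

if __name__ == "__main__":
    for (host, tag), (verdict, mid) in sorted(classify(SAMPLE).items()):
        print(f"{host:5} {tag:15} {verdict:16} median offset {mid:+d}s")
```

A source whose offset is large but constant points at the application's timestamp, while an offset that varies from message to message points at delay between the client and the server.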

