[syslog-ng] matching by unknown field

Geller, Sandor (IT) Sandor.Geller at morganstanley.com
Wed May 28 10:53:40 CEST 2008


Hi,

> > Could you describe in detail what is your problem? Reading over and over
> > this thread I still don't know what you're after.
> >
> I'm trying to make syslog-ng send logs ASAP to the syslog-ng server, and
> the latter should write them to file immediately.
> The problem is that syslog-ng is not sending immediately and the server is
> not writing immediately.

OK. As Bazsi suggested, the flush_timeout() option forces the buffered logs
to be written to the destinations. It would be useful to have tcpdump/ethereal
running on the sending host during your test. This way you can compare the
timestamp of the log message and the timestamp of the network packet to
see whether there is network latency.

Capturing network traffic on the receiving side too is a good idea. If
you really want to trace the data flow then the best would be to capture
network traffic on both ends, and run both syslog-ng instances under strace
(with options like -ff -tt -s 1024 -o syslogngstrace)

On the receiving side, even when flush_timeout() is used, the OS could still
buffer the writes. Using fsync() you can force the OS to flush its
buffers (however, this might cause performance problems, not only for
syslog-ng but for every app using the same filesystem...).

Regards,

Sandor
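
An added example, not part of the original message: one way to turn the strace captures suggested above into per-stage delays, by finding a unique marker string in the read and write calls of the sending and receiving syslog-ng. The marker `test-0001`, the sample trace lines and the function names are constructed for illustration; it assumes per-process trace files from `-ff -tt`, synchronized clocks on both hosts and a capture that does not cross midnight.

```python
import re
from datetime import datetime

# One strace -tt line looks like: HH:MM:SS.usec syscall(args...) = ret
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) (\w+)\(")
IN_CALLS = {"read", "recv", "recvfrom", "recvmsg"}
OUT_CALLS = {"write", "writev", "send", "sendto", "sendmsg"}

def stage_times(strace_lines, marker):
    """Return the first time the marker enters ("in") and leaves ("out") a process."""
    seen = {}
    for line in strace_lines:
        m = LINE.match(line)
        if not m or marker not in line:
            continue
        direction = ("in" if m.group(2) in IN_CALLS
                     else "out" if m.group(2) in OUT_CALLS else None)
        if direction and direction not in seen:
            seen[direction] = datetime.strptime(m.group(1), "%H:%M:%S.%f")
    return seen

def delays(sender_lines, receiver_lines, marker):
    """Seconds spent in each stage; assumes synchronized clocks, no midnight wrap."""
    s = stage_times(sender_lines, marker)
    r = stage_times(receiver_lines, marker)
    for name, times in (("sender", s), ("receiver", r)):
        if set(times) != {"in", "out"}:
            raise LookupError(f"marker {marker!r} not seen in and out of {name}")
    gap = lambda a, b: round((b - a).total_seconds(), 6)
    return {
        "sender_buffering": gap(s["in"], s["out"]),
        "network": gap(s["out"], r["in"]),
        "receiver_buffering": gap(r["in"], r["out"]),
    }

# Constructed sample traces (not from the thread); "test-0001" is a made-up marker.
SENDER = [
    r'10:53:40.100210 read(3, "<13>May 28 10:53:40 app: test-0001\n", 8192) = 35',
    r'10:53:41.100950 write(7, "<13>May 28 10:53:40 web1 app: test-0001\n", 40) = 40',
]
RECEIVER = [
    r'10:53:41.101800 read(9, "<13>May 28 10:53:40 web1 app: test-0001\n", 8192) = 40',
    r'10:53:51.102300 write(11, "May 28 10:53:40 web1 app: test-0001\n", 36) = 36',
]

if __name__ == "__main__":
    for stage, seconds in delays(SENDER, RECEIVER, "test-0001").items():
        print(f"{stage:20s} {seconds:.6f}s")
```

The `-s 1024` option matters here: with strace's default string limit the marker at the end of the message would be cut off and never matched.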