[syslog-ng] syslog-ng and network problem
Giovanni Mancuso
suuuper at messinalug.org
Fri Jun 11 12:01:24 CEST 2010
Hello guys
I've installed two syslog-ng server instances behind a load balancer
(LB) and configured N syslog-ng clients pointing to my virtual ip address.
The clients doesn't send too much messages to the servers at this time.
For some reason the LB closes the connections and when my client have to
send a message to the server it realize that the connection was closed
and it reopen a new one.
The problem is that the messages even if the connection is stablished
once again doesn't arrive to the server.
I tryed also to enable the mark_freq(10) option but nothing changed. It
starts to work if I restart the client or if I generate a lot of
messages ( echo "MESSAGE" >> FILE.log )
I realize that the problem is in the network, but is someone have
another idea to workaround this issue i'll be thankfull!
Here is the config of one of my clients:
@version: 3.0
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#########
# options
options { time_reopen(10); keep_hostname(yes); log_msg_size(65535);
flush_lines(0); };
#########
# sources
source s_balabit { internal(); };
source s_source { file("FILE.log"); };
filter f_filter { match ("OUTGOING" value("MESSAGE")); };
#########
# destinations
destination d_internal { file("/var/log/balabit.log"); };
destination d_network {
tcp("vip" port(10001)
tls(
ca_dir("/etc/ssl/syslog-ng/ca.d"))
log_fifo_size(4194304)
);
};
#########
# logs
log { source(s_source); filter(f_filter); destination(d_network);};
log { source(s_balabit); destination(d_internal); };
More information about the syslog-ng
mailing list