[syslog-ng] Two instances of syslog-ng on the same host?

Sun Jun 27 03:37:57 CEST 2010

As a point of reference, I have a setup with over 200 syslog-ng processes and it works fiine.

"Patrick H." <syslogng at feystorm.net> wrote:

>Yes, that should work just fine. I run a box with 4 syslog instances and 
>they all place nice together. My setup isnt exactly the same, but I have 
>no problems which you are experiencing. My setup: I have a master 
>syslog-ng process that does nothing but accept connections from remote 
>hosts and from the local system. That process then relays the messages 
>to other local syslog-ng processes which do the actual work (lots and 
>lots of parsing).
>I only included the options and source sections as theyre the only ones 
>that matter.
>
>Master syslog-ng process that accepts from local & remote & forwards to 
>other local processes
>@version: 3.0
># syslog-ng configuration file.
>#
># This should behave pretty much like the original syslog on RedHat. But
># it could be configured a lot smarter.
>#
># See syslog-ng(8) and syslog-ng.conf(5) for more information.
>#
>
>options {
>    time_reopen(1);
>    use_dns(no);
>    use_fqdn(yes);
>    keep_hostname(yes);
>    create_dirs(yes);
>    perm(0644);
>    dir_perm(0755);
>    log_iw_size(50000);
>    log_fifo_size(100000);
>    #time_sleep(1);
>};
>
>source s_sys {
>    file("/proc/kmsg" program-override("kernel"));
>    unix-stream ("/dev/log");
>    internal();
>};
>source s_net {
>    tcp(ip(0.0.0.0) port(514) max-connections(1000));
>    udp(ip(0.0.0.0) port(514));
>};
>
>
>syslog-ng that accepts the forwarded messages
>@version: 3.0
># syslog-ng configuration file.
>#
># This should behave pretty much like the original syslog on RedHat. But
># it could be configured a lot smarter.
>#
># See syslog-ng(8) and syslog-ng.conf(5) for more information.
>#
>
>options {
>    time_reopen(1);
>    long_hostnames(off);
>    use_dns(no);
>    use_fqdn(no);
>    keep_hostname(yes);
>    create_dirs(yes);
>    perm(0644);
>    dir_perm(0755);
>    #log_fetch_limit(100000);
>    #log_iw_size(200000);
>    #log_fifo_size(400000);
>    flush_lines(50);
>    flush_timeout(5000);
>    #stats_freq(10);
>    #stats_level(2);
>    #time_sleep(1);
>};
>
>
>source s_master {
>    #syslog(ip(127.0.0.1) port(515) transport('tcp') so_keepalive(yes) 
>log_iw_size(1000));
>    tcp(ip(127.0.0.1) port(515) flags('syslog-protocol'));
>};
>source s_syslog {
>    internal();
>};
>
>
>
>
>
>
>
>
>
>
>Sent: Saturday, June 26, 2010 6:08:42 PM
>From: John R. Dunning <jrd at jrd.org>
>To: syslog-ng at lists.balabit.hu
>Subject: [syslog-ng] Two instances of syslog-ng on the same host?
>> Hi wizards.  Apologies if this is an FAQ or something, but I've dug
>> all around and failed to find the answer.
>>
>> I have a system on which, for reasons I'd rather not go into here, it
>> makes sense to run two instances of syslog-ng, one for standard
>> logging of local events, the other acting as a proxy for a flock of
>> other systems.
>>
>> The proxy starts first, very early in the init sequence, the regular
>> one starts later.
>>
>> This all worked great with syslog-ng 2, but I recently upgraded to
>> version 3.1.1 and I can't get it to work correctly.  The proxy
>> instance is supposed to only be listening on a tcp socket, but it
>> seems to also be opening the AF_UNIX socket to /dev/log.  This causes
>> the launch of the main instance to fail.
>>
>> I've been through the docs, but it's not obvious to me how to get
>> syslog-ng to start without opening the socket to /dev/log.  Hints?
>> Thanks in advance...
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>   
>
>______________________________________________________________________________
>Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>FAQ: http://www.campin.net/syslog-ng/faq.html
>