[syslog-ng] Buffering AF_UNIX Destination, Batch Post Processing Messages
syslogng at feystorm.net
syslogng at feystorm.net
Wed Sep 8 07:02:21 CEST 2010
Sent: Martedì 7 Settembre 2010 19.42.52
From: Matthew Hall <mhall at mhcomputing.net>
To: Syslog-ng users' and developers' mailing list
<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Buffering AF_UNIX Destination, Batch Post
Processing Messages
>> Syslog-ng will queue all the destination messages until the oldest
>> message is 60 seconds old, and then flushes them all out at once.
>>
>
> This part is tricky. How do I tell if I have received all the messages?
> How do I know when I have hit the end of the batch? Is it possible to
> have the daemon insert a marker message, or is there some other way I
> can check for this?
>
I do not believe there is an elegant way. Best idea I can come up with
is to put a timeout on the receiving end so that when it goes quiet for
more than X seconds or whatnot, it sees that as end of batch.
You might be able to request that the mark option be allowed for
non-local destinations. Basically that would allow you to set a mark of
1 second, and when you receive 2 mark messages back-to-back, that would
be end-of-batch (would basically mean there was no data in between).
> Thanks,
> Matthew.
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100907/650c4839/attachment.htm
More information about the syslog-ng
mailing list