[syslog-ng] Losing to much remote sent logs
Balazs Scheidler
bazsi at balabit.hu
Sun Mar 18 13:08:26 CET 2012
On Fri, 2012-03-02 at 08:59 -0600, Martin Holste wrote:
> If possible, I would try swapping the $HOST macro for $SOURCEIP to
> avoid doing any DNS lookups, cached or not. It's unlikely to help,
> but it sounds like you've already tried the basic tuning things. I
> will say that I'm very surprised you're losing log lines. What is
> your peak logs per second, and how long are the peaks?
>
syslog-ng _always_ resolves names if use_dns() is enabled, regardless of
the macros used later. This is because it is one of the first things
that syslog-ng does after receiving a message, much earlier than
actually producing an output, which possibly includes $HOST.
Anyway, DNS lookups are cached, and that should cover the most obvious
performance problems with DNS.
--
Bazsi
More information about the syslog-ng
mailing list