[syslog-ng] syslog-ng with mongodb user survey
Gergely Nagy
algernon at balabit.hu
Tue May 28 15:30:55 CEST 2013
Hi!
"Lucas, Sascha" <Sascha.Lucas at gisa.de> writes:
> thanks a lot for interest. So here is my feedback:
Thanks a lot for your feedback, it's very valuable!
> There are some mongo specific features we like to use, but they are missing atm:
> * use TTL collection (the nightly deletion is slow) -> store data type DATE
This is being worked on, and will likely be part of syslog-ng 3.5.
> * store data type array for tags and classes (patterndb) -> makes it
> searchable by mongo
I have not started working on this yet, but once the type hinting
support is in, adding this should be fairly painless.
> And there are problems with syslog-ng itself (some reported earlier on
> this list):
> * our network destination: Invalid byte sequence or other error while
> converting input, skipping character; encoding='UTF-8', char='0xf0'
I'm afraid I have nothing to offer for this problem at this time, will
look into it as soon as I can find some time.
> * a unknown problem, where syslog-ng stops logging/scrambles logs
> after (frequent) SIGHUP
Are you using file sources, by any chance?
> * a unknown problem, where syslog-ng stops working and blocks most of
> the system: i.e. sshd or sudo waiting to log to /dev/log
We've seen something similar when the supress() option was used, that
dead-locked syslog-ng in a few cases. There's also a race condition in
afmongodb that was recently fixed in git, but that should not result in
syslog-ng blocking (rather, it would lead to a crash, rarely).
--
|8]
More information about the syslog-ng
mailing list