[syslog-ng] FW: Syslog Problem
Riyas Ahamed
Riyas.Ahamed at csscorp.com
Wed Aug 6 17:17:29 CEST 2014
Hi,
Could you please tell me how to check under load mysql silently drop records. And could you please tell me what is the solution for this problem?
Look forward your timely help would be highly appreciated!!!
Thanks
Riaz Ahmed
________________________________________
From: syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] on behalf of Evan Rempel [erempel at uvic.ca]
Sent: Wednesday, August 06, 2014 8:38 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] FW: Syslog Problem
Wow, I should have looked more closely at your config before I added my comments.
You don't need a fallback because you are not filtering your s_network source.
You are using a mysql database as your back end. This complicates things greatly.
I recommend using a file destination to ensure you are getting everything that you expect.
Only then would I (not me actually) be comfortable with storing the data into mysql.
Under load I have seen mysql silently drop records. No errors of any kind in front or backend
of the database services. you couldn't pay me to use mysql :-(
On 08/06/2014 07:57 AM, Riyas Ahamed wrote:
> Hi,
>
> Could you please tell me how to check fallback destination?
>
> I have attached in this mail configuration file of syslog-ng.
>
> Please help me to come from this problem.
>
> Thanks
> Riaz Ahmed
>
> ________________________________________
> From: syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] on behalf of Evan Rempel [erempel at uvic.ca]
> Sent: Wednesday, August 06, 2014 7:00 PM
> To: syslog-ng at lists.balabit.hu
> Subject: Re: [syslog-ng] FW: Syslog Problem
>
> Do you have a fallback destination defined? (flags(fallback))
>
> I had a case where I couldn't find my log lines and it turnted out to be that the source was sending some weird
> facility that never matched any of my filters.
>
>
> On 08/06/2014 05:58 AM, Riyas Ahamed wrote:
>> Hi Team,
>>
>> Iam sure packet filter accepts that kind of traffic because iptables and selinux are in disabled mode but still I cannot find the network device in syslogng front end.
>>
>> Please help me.
>>
>>
>> Thanks
>> Riaz Ahmed
>> <mailto:7581178|manimaran.sundaresan at csscorp.com>
>> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>> *From:* syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] on behalf of Balazs Scheidler [bazsi77 at gmail.com]
>> *Sent:* Tuesday, August 05, 2014 7:29 PM
>> *To:* Syslog-ng users' and developers' mailing list
>> *Subject:* Re: [syslog-ng] FW: Syslog Problem
>>
>> are you sure the packet filter accepts that kind of traffic? your configuration seems to treat all such hosts equivalently.
>>
>>
>>
>>
>> On Tue, Aug 5, 2014 at 8:21 AM, Riyas Ahamed <Riyas.Ahamed at csscorp.com <mailto:Riyas.Ahamed at csscorp.com>> wrote:
>>
>> Hi,____
>>
>> __ __
>>
>> I have configured a syslog-ng server to capture network logs. I can able to fetch network logs of three devices. ____
>>
>> __ __
>>
>> But in fourth network device I can able to see packets are get polling into the syslog server in port 514 by using tcpdump command but I cannot find the network device in syslogng front end. ____
>>
>> __ __
>>
>> Syslog OS : CentOS release 6.5 (Final)____
>>
>> __ __
>>
>> Syslog Version : syslog-ng 3.2.5____
>>
>> __ __
>>
>> Along with this mail I have attached configuration file of syslogng server.____
>>
>> __ __
>>
>> Please help me to resolve this issue.____
>>
>> __ __
>>
>> Regards,____
>>
>> *N.B.RIAZ AHMED____*
>>
>> *(9047166496 <tel:%289047166496>)____*
>>
>> __ __
>>
>> __ __
>>
>> https://www.csscorp.com/email-disclaimer
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>>
>>
>> --
>> Bazsi
>> https://www.csscorp.com/email-disclaimer
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>
>
> --
> Evan Rempel erempel at uvic.ca
> Senior Systems Administrator 250.721.7691
> Data Centre Services, University Systems, University of Victoria
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
> https://www.csscorp.com/email-disclaimer
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
--
Evan Rempel erempel at uvic.ca
Senior Systems Administrator 250.721.7691
Data Centre Services, University Systems, University of Victoria
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
https://www.csscorp.com/email-disclaimer
More information about the syslog-ng
mailing list