[syslog-ng] unix-dgram for Linux syslog stream

Scheidler, Balázs balazs.scheidler at balabit.com
Fri May 8 21:45:24 CEST 2015


It won't lose messages. Despite its name, SOCK_DGRAM sockets in the PF_UNIX
domain are not lossy. It is even described in unix(7).

http://linux.die.net/man/7/unix

Hi,
I've read some old discussions about unix-dgram vs unix-stream for
getting the /dev/log syslog stream on Linux (e.g.
https://bugs.archlinux.org/task/22153), but some years have passed by
and I'd like to be sure my configuration is safe.

I'm using syslog-ng 3.2.5 on a system composed of different Linux
(RHEL6) machines. I cannot install a different version.
There is a central log facility, but each machine collects and sends its
logs using the following source config:

source src {
        file ("/proc/kmsg" program_override("kernel: "));
        unix-dgram ("/dev/log" flags(no-multi-line));
        internal();
};

It was originally using unix-stream(), but I need to change it to
unix-dgram() because some custom applications are sending multiline
messages which need to be converted into single line, and unix-stream()
does not support this flag.

Can I be sure that no messages risk being lost due to this change?
This is a rather critical application.

Thank you very much.

--
01
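
Added example, not part of the original messages: a Python check, on Linux, of the unix(7) behaviour cited in the reply. A connected AF_UNIX SOCK_DGRAM socketpair stands in for /dev/log (an assumption; the function name and the sample messages are constructed). It shows that a full queue is reported to the sender instead of datagrams being dropped, and that a multi-line message arrives as one record.

```python
import socket


def fill_and_drain(limit=100_000):
    """Send until the kernel pushes back, then drain; return (accepted, received)."""
    # Constructed stand-in for /dev/log: a connected AF_UNIX datagram pair.
    tx, rx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    tx.setblocking(False)  # a full queue surfaces as EAGAIN instead of blocking
    rx.setblocking(False)
    accepted = []
    try:
        for seq in range(limit):
            # Constructed multi-line message: the embedded newline stays
            # inside one datagram, so the reader sees a single record.
            msg = f"<13>app[{seq}]: first line\nsecond line".encode()
            try:
                tx.send(msg)
            except BlockingIOError:
                break  # queue full: the sender is told, nothing is discarded
            accepted.append(msg)

        received = []
        while True:
            try:
                received.append(rx.recv(65536))
            except BlockingIOError:
                break  # queue empty
        return accepted, received
    finally:
        tx.close()
        rx.close()


if __name__ == "__main__":
    accepted, received = fill_and_drain()
    print(f"accepted by send(): {len(accepted)}, read by recv(): {len(received)}")
    print("identical and in order:", accepted == received)
```

With a blocking sender the same condition shows up as send() waiting until the reader drains the queue, so the cost of a stalled reader is a stalled writer rather than a missing message.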
