[syslog-ng] unix-dgram for Linux syslog stream
Scheidler, Balázs
balazs.scheidler at balabit.com
Fri May 8 21:45:24 CEST 2015
It wont lose messages. Despite its name SOCK_DGRAM sockets in the PF_UNIX
domain are not lossy. It is even described in unix(7).
http://linux.die.net/man/7/unix
Hi,
I've read some old discussions about unix-dgram vs unix-stream for
getting the /dev/log syslog stream on Linux (e.g.
https://bugs.archlinux.org/task/22153), but some years have passed by
and I'd like to be sure my configuration is safe.
I'm using syslog-ng 3.2.5 on a system composed of different Linux
(RHEL6) machines. I cannot install a different version.
There is a central log facility, but each machine collects and sends its
logs using the following source config:
source src {
file ("/proc/kmsg" program_override("kernel: "));
unix-dgram ("/dev/log" flags(no-multi-line));
internal();
};
It was originally using unix-stream(), but I need to change it to
unix-dgram() because some custom applications are sending multiline
messages which need to be converted into single line, and unix-stream()
does not support this flag.
Can I be sure that no messages risk to be lost due to this change?
This is a rather critical application.
Thank you very much.
--
01
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150508/0e886585/attachment.htm
More information about the syslog-ng
mailing list