[syslog-ng] unix-dgram for Linux syslog stream

Scheidler, Balázs balazs.scheidler at balabit.com
Sat May 9 08:12:55 CEST 2015


It won't lose messages. Despite its name, SOCK_DGRAM sockets in the PF_UNIX
domain are not lossy. Might even be described in unix(7).

On May 8, 2015 4:21 PM, "ZeroUno" <zerozerounouno at gmail.com> wrote:

Hi,
I've read some old discussions about unix-dgram vs unix-stream for
getting the /dev/log syslog stream on Linux (e.g.
https://bugs.archlinux.org/task/22153), but some years have passed by
and I'd like to be sure my configuration is safe.

I'm using syslog-ng 3.2.5 on a system composed of different Linux
(RHEL6) machines. I cannot install a different version.
There is a central log facility, but each machine collects and sends its
logs using the following source config:

source src {
        file ("/proc/kmsg" program_override("kernel: "));
        unix-dgram ("/dev/log" flags(no-multi-line));
        internal();
};

It was originally using unix-stream(), but I need to change it to
unix-dgram() because some custom applications are sending multiline
messages which need to be converted into single line, and unix-stream()
does not support this flag.

Can I be sure that no messages risk being lost due to this change?
This is a rather critical application.

Thank you very much.

--
01
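
Added example, not part of the original thread: a Python check for Linux of the behaviour discussed above, which fills an AF_UNIX SOCK_DGRAM socket pair until the kernel refuses further datagrams and then drains it to confirm nothing accepted was dropped or reordered. It uses socketpair() instead of /dev/log, and the function name, payload size and limit are choices made for this example.

```python
import socket


def fill_and_drain(payload_size=512, limit=100000):
    """Queue numbered datagrams until the kernel pushes back, then drain.

    Returns (accepted, received, in_order, resumed).
    """
    tx, rx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    tx.setblocking(False)  # a full queue surfaces as EAGAIN instead of blocking
    rx.setblocking(False)
    try:
        accepted = 0
        while accepted < limit:
            msg = b"%08d" % accepted + b"x" * (payload_size - 8)
            try:
                tx.send(msg)
            except BlockingIOError:
                # Receiver queue or send buffer is full: the kernel refuses
                # the datagram outright rather than discarding it silently.
                break
            accepted += 1

        received = []
        while True:
            try:
                data = rx.recv(payload_size)
            except BlockingIOError:
                break  # queue is empty
            received.append(int(data[:8]))

        # Once the reader has caught up, the sender can continue.
        tx.send(b"after drain")
        resumed = rx.recv(payload_size) == b"after drain"
    finally:
        tx.close()
        rx.close()
    in_order = received == list(range(accepted))
    return accepted, len(received), in_order, resumed


if __name__ == "__main__":
    accepted, received, in_order, resumed = fill_and_drain()
    print("accepted=%d received=%d in_order=%s resumed=%s"
          % (accepted, received, in_order, resumed))
```

With a full queue a non-blocking sender gets EAGAIN and a blocking sender waits, so every datagram the kernel accepted is delivered; how a logging application reacts to that EAGAIN or wait is decided by the application.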
