[syslog-ng] disk based buffering

Scheidler, Balázs balazs.scheidler at balabit.com
Tue Sep 27 21:11:52 CEST 2016 

Syslog-ng attempts to address application level failures with reliable disk
buffer but kernel level crashes/power failures are not covered, at least
you can suffer message loss, but the queue in general should stay intact.

There's a tool for reading disk queue files, iirc the name is dqtool,
should be included in your package.

On Sep 27, 2016 8:35 PM, <thejaguar at tutanota.de> wrote:

Hi,
I have been using disk based buffering with reliable turned on yes as
suggested here :-
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-
ose-guide-admin/html/configuring-diskbuffer-reliable.html

This has been working great for me on an embedded linux device which does
not have internet connection except when the application running on it
turns on the modem/pppd when it has to send some data, basically to save
battery power. Now  syslog-ng is brilliant and sends all the stored/queued
 logs immediately upon detecting network connection as long as system stays
alive. Now the challenge is if the device has a system reset or kernel
crash in between network connection availability, will syslog-ng send
unsent logs upon next system reboot when it gets the network connection ?
Or it resets the queue and tracking upon system reset/boot ?
I noticed any logs generated  in between power resets and which are not
sent are not transmitted  on next net connection.  Is it expected behaviour
? If not then what wrong I am doing ? also how can I read whats in
 /var/lib/syslog-ng/syslog-ng-00000.rqf  or syslog-ng.persist ?

=======================

destination d_net {
        network (
                "`myloghost`" port(`mylogport`) transport("tls")
                tls( ca-dir("/etc/syslog-ng/ca")
peer-verify(required-trusted) ssl-options(no-sslv3,no-tlsv1) )
                disk-buffer( reliable(yes) mem-buf-size(1M)
disk-buf-size(5M) qout-size(64) )
                template("<$PRI> $FACILITY $ISODATE $HOST $PROGRAM $MSG\n")
        );
};

syslog-ng 3.8.1
Installer-Version: 3.8.1
Revision:
Module-Directory: /usr/lib/syslog-ng
Module-Path: /usr/lib/syslog-ng
Available-Modules: cef,affile,basicfuncs,system-source,cryptofuncs,graphite,
pseudofile,afuser,kvformat,add-contextual-data,date,
csvparser,linux-kmsg-format,confgen,syslogformat,afprog,
disk-buffer,dbparser,afsot
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: off
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: off

=======================

Thanks



____________________________________________________________
__________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?
product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160927/f2b8d606/attachment.htm

More information about the syslog-ng mailing list