10 Mar 2008 14:05
Re: syslog-ng and log4j
Balazs Scheidler <bazsi <at> balabit.hu>
2008-03-10 13:05:33 GMT
2008-03-10 13:05:33 GMT
On Mon, 2008-03-10 at 12:33 +0000, SigurĂ°ur Bjarnason wrote:
> Well,
>
> The log4j client is sending to the local client and that client is sending to the central server..
however... I am seeing drop in logs :(
>
> options { create_dirs(yes);
> dir_perm(0755);
> dir_owner(root);
> dir_group(root);
> perm(0600);
> owner(root);
> group(root);
> chain_hostnames(no);
> keep_hostname(yes);
> stats(900);
> use_time_recvd(yes);
> time_reopen(5); };
>
> source local {
> pipe("/proc/kmsg");
> unix-stream("/dev/log");
> internal();
> udp(port(514));
> tcp(port(514) keep-alive(yes) max-connections(5)); };
>
>
> ## send everything to loghost too in case of 2x syslog servers
> destination syslog-server-1 { tcp("192.168.1.150" port(514));};
> destination syslog-server-2 { tcp("192.168.1.151" port(514));};
> log { source(local); destination(syslog-server-1);destination(syslog-server-2);};
>
>
> this is my local syslog-ng client config, if I take the udp port part out.. no logs arrive from log4j.
if log4j can only use UDP, then increase the receive buffer of syslog-ng
(so_rcvbuf option, and /proc/sys/net/core/rmem_max setting on Linux)
--
--
Bazsi
_______________________________________________
syslog-ng maillist - syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
RSS Feed