I have syslog-ng writing flat log files to a large data partition separate from root to prevent services from crashing. Then syslog-ng forwards logs to another port where I have Graylog listening. With this setup, you'll still have flat log file backups and logs forwarded to graylog would just be dropped if the server was full. You'd still need to monitor disk usage.
I'm not sure why your services crashed because of syslog though. I have not seen that before, unless syslog started writing locally and filled up the root partition causing them to crash. On Wednesday, May 7, 2014 5:48:01 AM UTC-6, André Coelho wrote: > > Hi > > I have a graylog server that became completely full, after that the syslog > daemons from the servers sending logs to graylog have stopped and all the > services that generates logs to syslog in theses servers like ssh/ldap/smtp > stopped to work consequently. > > The big problem was to find out that the problem was because the syslog > daemon stoped due the graylog server becoming full. > > *Is there anyway, besides monitoring graylog to avoid disk full, to > configure the servers or graylog to avoid this problem?* > > > I have a line like that in the servers to send syslog messages: > > *.info @@graylogserver:10515 > > > > Thanks > > > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
