On Mon, 2004-03-01 at 11:24, Jeremy Mates wrote: > Currently I replace the default syslog daemon with syslog-ng if > possible, which allows logging over TCP (no lost UDP logs: good for > logging from a limited number of core servers, as opposed to lots of > clients), and other benefits such as built in logfile rotation (no > stupid conveyer belt of logfiles and syslogd restarting) and logging of > the facility and priority.
What happens to a server if it is logging via tcp and the syslog-ng receiving it can't keep up writing to disk? In the past I've seen local unix socket connections kill named and sendmail when syslog couldn't keep up - and of course there was no log about why... The server in question was also collecting remote logs from several cisco routers around the time of the first Code Red virus but still, given a choice between killing a server and dropping a syslog message, I'd prefer to drop the message. --- Les Mikesell [EMAIL PROTECTED] _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
