On Mon, Feb 12, 2001 at 10:15:24AM -0600, Bill Carlson wrote:
> On Fri, 9 Feb 2001, Peter van Dijk wrote:
>
> >
> > Syslog is unreliable.
> >
>
> We've heard this again and again. Any specifics?
I've seen syslog dropping entries on a centralized logging host that we
use for remote boxen, about forty of them, under what I would have
considered medium load, but apparently syslog considers high. It's also
the only process on the box I've ever had go runaway on me, and hog all
processor time until stopped/restarted... See below.
>
> Is it an implementation problem or just the way syslog works, period?
IMHO it's a design decision. It has no guaranteed delivery method, due
to the use of UDP and no internal delivery control.
>
> I for one am not liking having my logs spread all over machines and in
> multiple directories to boot. Makes things like a log host and log
> checking very tedious to setup.
Centralized logging hosts have their uses, but I prefer in general to
have the logs per-box. Log checking could be a tiny process on the
individual boxes -- it would probably take less CPU overhead than using
syslog in the first place.
>
> http://cr.yp.to/qmail/faq/admin.html#multilog complains that syslog drops
> entries under high load, but no specifics.
>
> So, what are the real complaints about syslog? Or are they ancient
> history and legend?
My largest complaint, oft heard on this list and others, is CPU
overhead. On a mail hub, before switching to multilog, the process with
the most CPU time was usually syslog. This is obviously unacceptable.
--
Greg White
Those who make peaceful revolution impossible will make violent
revolution inevitable.
-- John F. Kennedy
