[prev in list] [next in list] [prev in thread] [next in thread]
List: qmail
Subject: Re: Qmail - Syslog
From: Kyle Wheeler <kyle-qmail () memoryhole ! net>
Date: 2009-04-20 17:04:08
Message-ID: 20090420170408.GB642 () CPE-65-31-220-231 ! kc ! res ! rr ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday, April 20 at 04:37 PM, quoth Richard Scollon:
> I have successfully configured my qmail installation which works
> perfectly and logs to /var/log/qmail on the local server.
I'm guessing you set it up to use multilog?
> However I wish to collect all my logs on a central syslog server. I
> have succeeded in doing this with standard o/s logs but (after
> trying the same method with the qmail logs) can't get the qmail logs
> to redirect.
Generally speaking, syslog is just AWFUL. It can lose log messages
under high-load, which is the entire reason multilog was invented in
the first place. It's ESPECIALLY bad when forwarding messages to other
servers. For an in-depth explanation, check here:
http://blog.gerhards.net/2008/04/on-unreliability-of-plain-tcp-syslog.html
Here's the key quote:
No advanced flow control, no tricks, no nothing helped. We can not
build a reliable solution out of plain tcp syslog. It's simply a
no-go. ... It's a protocol issue and as such all softwares
implementing plain TCP syslog have the same shortcoming!
Unfortunately, the suggested alternative there (syslog-ng) can also
lose messages:
https://lists.balabit.hu/pipermail/syslog-ng/2004-October/006513.html
The syslog-ng authors admit that even with the most recent version,
it's possible to lose log messages:
http://www.campin.net/syslog-ng/faq.html#lost_messages
That said, you CAN use the program splogger in place of multilog to
send qmail's logs to syslog, and from there you can have syslog
forward them to your central server. But like I said, that puts your
system at risk for losing log messages.
One alternative is to use netcat to pipe log messages from qmail
across the network to a multilog instance on your central server. I do
not know how reliable this is, though.
Another way of doing it is to use multilog's post-processing feature
to send logs to your central server every time it needs to rotate the
local log files. Your central server won't always have the most
current logs, but this method is *very* reliable, since logs are kept
locally "just in case".
I'm sure there are a few other ways, if you're feeling inventive, but
that's just off the top of my head.
Hope that helps,
~Kyle
- --
Most truths are so naked that people feel sorry for them and cover
them up, at least a little bit.
-- Edward R. Murrow
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!
iEYEARECAAYFAknsqwgACgkQBkIOoMqOI14qjgCfSJufu9ewUBKinPoffqsJ2V4Q
B5cAoOgiVTv22fpPxrxhr/s5cjXdZIpB
=f2Cb
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic