Date: Mon, 3 Sep 2012 09:37:07 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Attilio Rao <attilio@freebsd.org> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: syslog(3) issues Message-ID: <alpine.BSF.2.00.1209030934520.39976@fledge.watson.org> In-Reply-To: <CAJ-FndDeNVcEv5HRBMtQ5ZKa3zdWwt5d4fFPaoXnyV3MS31QDw@mail.gmail.com> References: <CAJ-FndDeNVcEv5HRBMtQ5ZKa3zdWwt5d4fFPaoXnyV3MS31QDw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Sep 2012, Attilio Rao wrote: > I was trying to use syslog(3) in a port application that uses threading , > having all of them at the LOG_CRIT level. What I see is that when the > logging gets massive (1000 entries) I cannot find some items within the > /var/log/messages (I know because I started stamping also some sort of > message ID in order to see what is going on). The missing items are in the > order of 25% of what really be there. > > Someone has a good idea on where I can start verifying for my syslogd > system? I have really 0 experience with syslogd and maybe I could be missing > something obvious. syslog(3)/syslogd(8) use datagram sockets for both local and networked logging, and it is possible for those datagram sockets to fill and drop messages. I'm not sure if we have per-socket counters that can easily be queried by syslogd, but if we do, it might be beneficial to have syslogd wake up once a second and check to see if the counters have changed -- if they have, inject a log message indicating how many messages were dropped in the last $epsilon. If we don't have counters along those lines, it might make sense to add them. We might also find that it is appropriate to tune up the limits if they no longer seem sensible in the current world order -- they may have late 1980s/early 1990s values (or they may not). Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1209030934520.39976>