On Tue, Oct 28, 2008 at 08:40:56PM -0500, Matthew Pettis wrote:
> Thank you very much, Benoit,
>
> I'll try it when I get back on the system... a question, if you know the
> answer... I thought one of the advantages to syslog-ng was that it would use
> sockets or tcp for logging, not the less reliable udp. I see the solution
> is to turn on udp -- is this the only way to log from haproxy (via udp, that
> is?)
Yes, UDP is the only one actually supported by haproxy. TCP might come later though, but a redesign of the logging framework with queues is needed first. Tcp generally causes far more losses than UDP in lossy networks, because you don't send anything beyond the window, and if you lose the last packet of the send window, then you don't get any indication of the loss, so the retransmit happens 3s later. In 3s, a lot of logs may come in and fill the queue.
TCP syslog ensures that the transport does not lose any log, it does not ensure that none are lost on the client. It's up to the client to count and report that.
The real advantage of syslog-ng is that it's very flexible, and blazingly fast. Provided you take the time to tune it a bit, it will let your CPU sleep quietly and will never lose logs (at least until 8-10000 logs/s on common hardware).
Willy Received on 2008/10/29 20:28
This archive was generated by hypermail 2.2.0 : 2008/10/29 20:31 CET