From owner-freebsd-hackers@FreeBSD.ORG Mon Sep 3 00:37:02 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 987C6106564A for ; Mon, 3 Sep 2012 00:37:02 +0000 (UTC) (envelope-from asmrookie@gmail.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id 187C28FC0C for ; Mon, 3 Sep 2012 00:37:01 +0000 (UTC) Received: by lbbgg13 with SMTP id gg13so2692513lbb.13 for ; Sun, 02 Sep 2012 17:37:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=/IBlKtdNWkgextArWhhJjS9FB6B6XIs3aqFNfoku110=; b=tQ8CJQQoFet4VPB/v5aUvycyJG4OSfgI0+5NeVXK36s8/DhZBCW+2mme9yhcIW6ckW 3dhGLw6xrCp9c4nTJdRq1wmcWQNTtwbPiWLWpoZnlktV+hUkKyh5dLMF5sOe+jO9XwYa PyxBzmZ+HE1vsNEpZ1zTJ6P9VzFozG79DhvG+wfK3ABYrOz4F32KjSF122LsH1Y5ARHN Va29id3JsMo3dJONdy8x+6cjTF4dOfnzyUWq4/DUO7F6lP8SYq9Hu+yfha/BgV/dRZHG Jh4f4xLPsrhDPmDSaTNBaykqHqHtivFO4hZalH0VyCfcpbSQYiI93QHs8Xot26q77x3p ZGLw== MIME-Version: 1.0 Received: by 10.112.103.71 with SMTP id fu7mr4631200lbb.21.1346632160174; Sun, 02 Sep 2012 17:29:20 -0700 (PDT) Sender: asmrookie@gmail.com Received: by 10.112.102.39 with HTTP; Sun, 2 Sep 2012 17:29:20 -0700 (PDT) In-Reply-To: References: Date: Mon, 3 Sep 2012 01:29:20 +0100 X-Google-Sender-Auth: ii4JOx3UtpD1-t5WPoEYFefLGlo Message-ID: From: Attilio Rao To: Garrett Cooper Content-Type: text/plain; charset=UTF-8 Cc: FreeBSD Hackers Subject: Re: syslog(3) issues X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: attilio@FreeBSD.org List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Sep 2012 00:37:02 -0000 On Mon, Sep 3, 2012 at 1:20 AM, Garrett Cooper wrote: > On Sun, Sep 2, 2012 at 4:35 PM, Attilio Rao wrote: >> Hi, >> I was trying to use syslog(3) in a port application that uses >> threading , having all of them at the LOG_CRIT level. What I see is >> that when the logging gets massive (1000 entries) I cannot find some >> items within the /var/log/messages (I know because I started stamping >> also some sort of message ID in order to see what is going on). The >> missing items are in the order of 25% of what really be there. >> >> Someone has a good idea on where I can start verifying for my syslogd >> system? I have really 0 experience with syslogd and maybe I could be >> missing something obvious. > > I'd maybe use something like rsyslog and force TCP to verify that > the messages made it to their endpoints, and if all the messages make > it to the rsyslogd daemon use tcpdump/wireshark to figure out if the > UDP datagrams (default transport layer for syslog) aren't getting > dropped on the floor. Forgot to mention: the logging is done completely locally so I don't think network should play a role here. Also, I would like to understand if I'm missing something subdle or if we actually may have a bug in syslogd. Attilio -- Peace can only be achieved by understanding - A. Einstein