Logging to syslog

Peter Rathlev peter at rathlev.dk
Wed Dec 7 07:27:32 UTC 2016


On Tue, 2016-12-06 at 13:23 +0100, Ivan Fabris wrote:
> I set up some dns logging to syslog ( rsyslog actually ), which
> forwards local1.* and local2.* to a remote rsyslog
[...]
> Both syslog, and journalctl, have all the rate limits set to infinite
> ( all that I could find )

Urgh... journalctl. Remember to also set "RateLimitInterval=0" in the 
"[Journal]" section of journald.conf. And since journald picks up and
stores _everything_, including debug messages from "execute", you might
want "Storage=volatile" there as well. You probably already have
rsyslog write things to disk, no need for it to be written two places.

> Did anyone find some slow down under heavy load with such a config,
> due to syslog ? e.g, no slow downs with file logging
> Or when the local o remote syslog are not available ( I configured
> the local rsyslog with a disk cache )

What exactly does "slow down" mean here? Are you missing messages in
the log files? Or are requests not answered in a timely fashion?

What is heavy load for you? I have a set of 2 vCPU / 4G RAM virtual
machines that service a hotspot network and logs around 3 million lines
per day each. Without RateLimitInterval=0 it routinely drops messages.

-- 
Peter


More information about the bind-users mailing list