Re: Syslog query - I'm probably doing something stoopid

From: Erik (erik@geenspam.vanwesten.net)
Date: 05/20/02 

From: Erik <erik@geenspam.vanwesten.net>
Date: 20 May 2002 01:36:28 GMT

Chopper <no.spam@for.me> wrote:
> Well g'day!

> I'm in the process of setting syslog up to remotely log to a FreeBSD
> box from 3 AIX boxes. is that a normal thing to do? Anyway, got it
> working EXCEPT the central log host (ie the FreeBSD box) lags behind. It's
> own syslog messages are fine - they are logging AS they happen - it's the
> ones from the AIX boxes. they end up HOURS behind - after only a couple of
> days.

> Can anybody help?? Any more info required? I thought maybe that I am
> trying to log too much - and yeah, when I log less they keep up - but from
> what I've been able to find on the net, people remotely log a lot more than
> I am attempting. I'm trying to remotely log everything at the 'info'
> level. Is that overkill?

> Additional info (just in case this is relevant): On the FreeBSD box I start
> syslog with '-a' options for every machine that I'm remote logging from, ie
> 'syslogd -a 23.23.32.43/32:* -a 45.45.35.34/32:* -a 34.98.6.56/32:*'. i
> understand that the '*' should be replaced by 514 - the udp port I'm
> listening for - but when I put it in, it doesn't playthe game.

> Any help appreciated! I'm out of ideas. I guess that I just log less and
> make do with that.

Which version of FreeBSD are you using?

Trying to log too much... can't imagine :-), but how many entries per
second do you log?

EJ 

-- 
For OpenBSD pf en nat rule examples: http://www.vanwesten.net

Relevant Pages