
syslog-ng and tcp sockets

Is it normal for a logger to be using tcp sockets?  Why is it not just using standard Unix sockets instead of burdening the network stack?

Re: syslog-ng and tcp sockets

Reply #1
> Is it normal for a logger to be using tcp sockets?
Quite normal I guess. It depends on your configuration though, if you don't have any network log sources then syslog doesn't open any tcp or udp ports. AFAIK.

Re: syslog-ng and tcp sockets

Reply #2
> > Is it normal for a logger to be using tcp sockets?
> Quite normal I guess. It depends on your configuration though, if you don't have any network log sources then syslog doesn't open any tcp or udp ports. AFAIK.

Why don't the network servers report directly to the syslogger with Unix to Unix sockets? The system logger is not a TCP dumper?

Re: syslog-ng and tcp sockets

Reply #3
> Why don't the network servers report directly to the syslogger with Unix to Unix sockets?
AFAIK unix sockets are local. Anyway, IP is a more universal solution as not all servers are unix-like.

Re: syslog-ng and tcp sockets

Reply #4
> > Why don't the network servers report directly to the syslogger with Unix to Unix sockets?
> AFAIK unix sockets are local. Anyway, IP is a more universal solution as not all servers are unix-like.

Syslog is logging LOCAL services and events. The IP stack is only more universal for non-unix like systems. On Unix systems, unix sockets are built in. There is no reason to expose a system logger which is getting messages from system daemons to the network.

All the servers on Linux should be Unix-like. It is Unix.

https://linux.die.net/man/3/syslog
https://linux.die.net/man/8/syslogd
> Sysklogd provides two system utilities which provide support for system logging and kernel message trapping. Support of both internet and unix domain sockets enables this utility package to support both local and remote logging.

Yeah - why would it do that :(


Re: syslog-ng and tcp sockets

Reply #5
Hi.
Devil's advocate here :D

Linux is not a Unix. It is as you first stated 'Unix-like'. AFAIK it could not be certified as a Unix because it's not fully POSIX compliant.

From my own experience you have to go out of your way to enable remote logging, on client and server, with both syslog-ng and rsyslog.
The reason I set it up when I did was I was getting hard crashes and hoped there might be something extra in the logs that the logger had caught but hadn't yet been written to disk because of the write cache.
It didn't help but that's one use case.
Another would be when you have many machines but want centralised logging. There are other ways to achieve this but one is to have the functionality built directly into the logger.

For other reasons I switched from syslog-ng to metalog. Metalog does not support remote logging so may be the better choice for you?

Re: syslog-ng and tcp sockets

Reply #6

> For other reasons I switched from syslog-ng to metalog. Metalog does not support remote logging so may be the better choice for you?

I was just reading Nous say that it does :(
I'm confused.

Re: syslog-ng and tcp sockets

Reply #7
> I was just reading Nous say that it does :(
> I'm confused.
I stand corrected. Just checked and it does, sort of. You can enable the sending of log messages to a remote syslog server but it can't receive them itself as a client. (according to this)

Which I admit to seeing as a bonus. But find a bit odd to only implement it one way? Apologies for the incorrect information though.

I still prefer it to syslog-ng. Very lightweight. The default config just worked after installation and its format is far simpler than syslog-ng.
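
An added example, not part of the thread and not syslog-ng's own code: the replies above say that whether the logger holds TCP or UDP sockets depends on its configuration and that remote logging has to be enabled explicitly. This sketch scans a syslog-ng configuration for the statements that create IP sockets (listening sources and outbound destinations); the sample config, the host name and the function names are constructed for illustration, and the parser assumes simple statements without nested braces.

```python
import re

# syslog-ng drivers that create IP sockets. system(), internal(),
# unix-stream() and unix-dgram() stay on the local machine.
NET_DRIVERS = {"network", "syslog", "tcp", "tcp6", "udp", "udp6"}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = '''
@version: 4.2
source s_local { system(); internal(); };
source s_dev   { unix-dgram("/dev/log"); };
# source s_old { udp(port(514)); };
source s_net   { network(ip("0.0.0.0") port(601) transport("tcp")); };
source s_lo    { network(ip("127.0.0.1") port(601) transport("tcp")); };
destination d_files { file("/var/log/messages"); };
destination d_hub   { network("loghost.example" port(601) transport("tcp")); };
'''

def top_level_drivers(body):
    """Yield (driver, args) for each call at parenthesis depth 0."""
    depth, start, name = 0, 0, None
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                name, start = re.search(r"([\w-]+)\s*$", body[:i]), i + 1
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0 and name:
                yield name.group(1), body[start:i]

def audit(conf):
    """Return (statement, driver, role, address, exposed) per IP socket."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (assumes no '#' in strings)
    blocks = re.findall(r"\b(source|destination)\s+([\w-]+)\s*\{(.*?)\}\s*;", conf, re.S)
    found = []
    for kind, stmt, body in blocks:
        for driver, args in top_level_drivers(body):
            if driver not in NET_DRIVERS:
                continue
            if kind == "source":  # listener; no ip()/localip() means all interfaces
                m = re.search(r'\b(?:local)?ip\(\s*"([^"]+)"', args)
                addr = m.group(1) if m else "*"
                exposed = not (addr.startswith("127.") or addr == "::1")
                found.append((stmt, driver, "listen", addr, exposed))
            else:  # outbound connection; first quoted argument is the remote host
                m = re.match(r'\s*"([^"]+)"', args)
                found.append((stmt, driver, "connect", m.group(1) if m else "?", False))
    return found

if __name__ == "__main__":
    for row in audit(SAMPLE_CONF):
        print(row)
```

On a running system, the result can be compared with the sockets the daemon actually holds, for instance in the output of `ss -tulpn`.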