7.2.2.1.1. Procedure – Set global options

  1. Configure parameters for I/O operation optimization.

    File I/O is always expensive in terms of system time, so in theory the number of (log) write operations should be minimized by keeping a number of incoming log entries in a memory buffer and batch-writing them out to disk.

    Note

    This buffer, and thus the time between successive log write-outs, cannot be too long: if a hardware malfunction occurs and the machine has to be rebooted, the log messages that have not yet been written out are lost.

    Figure 7.4. Global syslog-ng options for file handling

    Time-related parameters are given in seconds. Message size is given in bytes, while message queue size is a number of items.

  2. Set system time usage.

    Macro substitution is possible in syslog-ng, for example when creating filenames. If you use system time as a macro variable, the default is to use local system time on the syslog-ng server that processes the log entries. If, instead, you want to use time values received in the log messages themselves, check the Use received time in macros checkbox.

  3. Configure file creation.

    If you configure file creation to use many different directories that do not yet exist, the Create directories automatically checkbox can be used to create them as needed.

  4. Configure the required parameters.

    The list of other configurable parameters in this tab includes the following.

    Message size

    Defines the maximum allowed size of log messages.

    Message queue size

    Defines the allowed number of messages waiting to be processed.

    Stats interval

    Sets syslog-ng's internal reporting interval. The syslog-ng application reports a number of parameters on its own operations and statistics.

    Mark interval

    Sets how regularly the syslog daemon writes marking timestamps.

    Sync interval

    Defines how often log messages are written out from memory.

    The default '0' means there is no time delay: messages are written out continuously.

    File inactivity timeout

    Defines the period of non-usage after which log files are closed.

    Reopen interval

    Sets how often a log file can be opened again.

  5. Assign owner and permission parameters to log files and directories created by syslog-ng.

    Figure 7.5. Permission settings for logfile creation

    By default, syslog-ng runs as root, but it can also be configured to run as a limited user. In that case, you have to set the appropriate permissions, or use the defaults.

  6. Set name resolution for syslog-ng.

    Figure 7.6. Name resolution settings for syslog-ng

    Machine identification in log entries is accomplished using IP addresses. If you want to use hostnames that are easier to remember and recognize, you can instruct syslog-ng to perform name resolution. This name resolution only works for resolving the IP addresses of hosts sending log entries.

    If there are IP addresses within the log messages themselves, they are not resolved this way. To perform name resolution for those addresses, a log analyzer utility is needed. Name resolution is a time-consuming process, so to achieve the best results, use a DNS server that is “close” to the syslog-ng server in terms of response time.

    On the other hand, log entries are typically coming from a limited number of machines (servers) and their IP addresses tend not to change. Therefore, it is reasonable for the syslog-ng server to cache their resolved names locally, thus easing the heavy reliance on a DNS server.

    You can configure DNS caching as a global option. The time values are in seconds, cache size is in bytes. File options can be changed in individual file destination configurations, but name resolution options cannot: they are always global.
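
For orientation, the following fragment shows how the settings from steps 3 to 6 could look as a global options block in a hand-written syslog-ng configuration file. It is an added example, not taken from this manual: the option names are those of syslog-ng 3.x, their mapping to the fields of this tab is an assumption, and all values and the "syslog" and "adm" account names are constructed.

```conf
# Added example: fragment of a syslog-ng 3.x configuration file.
# The mapping of these options to the GUI fields is an assumption;
# all values and account names are constructed placeholders.
options {
    # Step 3: create missing destination directories as needed
    create_dirs(yes);

    # Step 4: limits and intervals (times in seconds)
    log_msg_size(8192);           # maximum size of a log message, in bytes
    log_fifo_size(10000);         # number of messages allowed to wait for processing
    stats_freq(600);              # interval of syslog-ng's own statistics messages
    mark_freq(1200);              # interval of MARK timestamps
    time_reap(60);                # close a log file after this long without use
    time_reopen(60);              # wait this long before opening a destination again

    # Step 5: owner and permissions of files and directories created by
    # syslog-ng. When syslog-ng runs as a limited user, that user must be
    # able to write here; keep the logs unreadable for other accounts.
    owner("syslog");
    group("adm");
    perm(0640);
    dir_owner("syslog");
    dir_group("adm");
    dir_perm(0750);

    # Step 6: resolve the IP addresses of sending hosts and cache the
    # results locally to reduce the load on the DNS server
    use_dns(yes);
    dns_cache(yes);
    dns_cache_size(1007);
    dns_cache_expire(3600);        # lifetime of successful lookups
    dns_cache_expire_failed(60);   # lifetime of failed lookups
};
```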