Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re: Sys::Syslog skips the first event

by stevieb (Canon)
on Jun 08, 2015 at 15:23 UTC ( [id://1129449]=note: print w/replies, xml ) Need Help??

in reply to Sys::Syslog skips the first event

Could it be that the first log message initializes the socket and doesn't actually do anything? What if you log a blank line before logging any data? Does that help?

Also, can you run tcpdump in full packet mode on the remote machine and see if it is actually receiving the first log entry (perhaps it is, but not doing the right thing)?


Replies are listed 'Best First'.
Re^2: Sys::Syslog skips the first event
by MarkusLaker (Beadle) on Jun 10, 2015 at 15:22 UTC
    Wireshark suggests that the message is being sent and received. However, RFC3164 suggests that there's no hard, normative standard for sending events over TCP: some applications end events with LF, some with CRLF, and some use byte-counting. Sys::Syslog likes LF+NUL and gives you a way to suppress the null, but the option to suppress the LF doesn't work; I've raised a ticket for that and another for the RFC-violating date format. All in all, with no standards and without the ability to suppress the LF experimentally, it's not surprising that the syslog collectors we've tried don't really like the events that Sys::Syslog emits. :-(

      That sounds like its not gonna be fixed soon. Why not switch to rsyslog?

        Unfortunately, rsyslog is one of the syslog collectors that don't like the output of Sys::Syslog.

        In the end, we've decided to abandon Sys::Syslog and write some custom code that implements as much of RFC5424 as we need. We hope for better success with that, partly because we'll have more control over the code, and partly because we'll be implementing the current RFC, rather than RFC3164, which is what Sys::Syslog implements, and which has been obsolete for six years.

        To everyone on this thread: many thanks for your help and suggestions.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1129449]
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others cooling their heels in the Monastery: (6)
As of 2024-05-22 16:45 GMT
Find Nodes?
    Voting Booth?

    No recent polls found