[systemd-devel] Forwarding to syslog missed XX messages

Reindl Harald h.reindl at thelounge.net
Mon Sep 15 05:25:22 PDT 2014 


Am 15.09.2014 um 14:10 schrieb Reindl Harald:
> 
> Am 15.09.2014 um 14:05 schrieb David Herrmann:
>> On Mon, Sep 15, 2014 at 1:43 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>>
>>> Am 15.09.2014 um 13:38 schrieb David Herrmann:
>>>> On Mon, Sep 15, 2014 at 1:20 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>>>> anybody an idea why?
>>>>
>>>> The syslog daemon couldn't keep up with reading the log-messages. You
>>>> might wanna increase the syslog receive-queue in your syslog daemon or
>>>> make sure you don't flush that many messages to it.
>>>
>>> i see that on any machine, even nearly idle ones
>>> no idea where are "that many messages" below
>>>
>>> one reason more to keep the noise of informational
>>> messages low (log-flood sessionmanager and so on)
>>>
>>> Sep 15 13:30:02 localhost sshd[5066]: Did not receive identification string from *.*.*.*
>>> Sep 15 13:34:45 localhost systemd-journal[4946]: Forwarding to syslog missed 12 messages.
>>> Sep 15 13:35:02 localhost sshd[5077]: Did not receive identification string from *.*.*.*
>>> Sep 15 13:36:06 localhost sshd[5085]: Accepted publickey for root from *.*.*.* port 13108 ssh2
>>> Sep 15 13:36:06 localhost systemd-journal[4946]: Forwarding to syslog missed 2 messages.
>>> Sep 15 13:36:06 localhost systemd[1]: Starting Session 1458 of user root.
>>> Sep 15 13:36:06 localhost systemd[1]: Started Session 1458 of user root.
>>> Sep 15 13:36:06 localhost systemd-logind[384]: New session 1458 of user root.
>>> Sep 15 13:36:06 localhost sshd[5085]: pam_unix(sshd:session): session opened for user root by (uid=0)
>>> Sep 15 13:36:06 localhost sshd[5085]: Received disconnect from *.*.*.*: 11: disconnected by user
>>> Sep 15 13:36:06 localhost sshd[5085]: pam_unix(sshd:session): session closed for user root
>>> Sep 15 13:36:06 localhost systemd-logind[384]: Removed session 1458.
>>> Sep 15 13:36:45 localhost sshd[5162]: Accepted publickey for root from *.*.*.* port 13128 ssh2
>>> Sep 15 13:36:45 localhost systemd-journal[4946]: Forwarding to syslog missed 8 messages.
>>
>> Can you compare the messages in journald with the syslog messages?
>> It'd be interesting to see whether some messages are really dropped
> 
> well, there are a lot of dropped intentionally by
> ":msg, contains, "whatever" ~" and all wanted ones
> are there - may journald whine because they are
> ignored?

that's pretty sure the count of total loglines and not missed ones

* that's why on idle machines not all 30 seconds because
  sometimes there are minutes with no log at all

* well, and the inbound mailserver for sue does not
  miss some hundret lines every 30 seconds

* another rsyslog rule:
  :msg, contains, "Forwarding to syslog missed" ~

Sep 15 14:19:23 localhost systemd-journal[5880]: Forwarding to syslog missed 211 messages.
Sep 15 14:19:53 localhost systemd-journal[5880]: Forwarding to syslog missed 253 messages.
Sep 15 14:20:24 localhost systemd-journal[5880]: Forwarding to syslog missed 503 messages.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140915/b3f39a38/attachment.sig>

More information about the systemd-devel mailing list