Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#26887 - syslog-ng.conf should use unix-stream() for greater reliability

Attached to Project: Arch Linux
Opened by Kerin Millar (kerframil) - Monday, 14 November 2011, 16:45 GMT
Last edited by Dave Reisner (falconindy) - Monday, 14 November 2011, 18:43 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Dave Reisner (falconindy)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


The default syslog-ng.conf file in Arch currently makes use of the unix-dgram() option to follow /dev/log. Unfortunately, as mentioned in Chapter 9.1.7 of the official Administrator Guide, this approach is sub-optimal in Linux and may lead to lost messages. I quote:-

"These two drivers behave similarly: they open the given AF_UNIX socket and start listening on it for messages. unix-stream() is primarily used on Linux and uses SOCK_STREAM semantics (connection oriented, no messages are lost); while unix-dgram() is used on BSDs and uses SOCK_DGRAM semantics: this may result in lost local messages if the system is overloaded."

Please rectify this by adjusting line #21 to use unix-stream(), like so:-

This task depends upon

Closed by  Dave Reisner (falconindy)
Monday, 14 November 2011, 18:43 GMT
Reason for closing:  Not a bug
Additional comments about closing:  See comments
Comment by Dave Reisner (falconindy) - Monday, 14 November 2011, 18:34 GMT
This is false, and you're pointing at outdated information. See  FS#22153  where I personally proposed that we change to a UDP socket.

Additionally, see unix(7) where datagram based AF_UNIX sockets are described as an in-order, lossless transmission (unlike UDP over INET).
Comment by Kerin Millar (kerframil) - Monday, 14 November 2011, 18:41 GMT
Thanks, Dave. Sorry for the bogus report.