Am 15.09.2014 um 14:10 schrieb Reindl Harald: > > Am 15.09.2014 um 14:05 schrieb David Herrmann: >> On Mon, Sep 15, 2014 at 1:43 PM, Reindl Harald <h.rei...@thelounge.net> >> wrote: >>> >>> Am 15.09.2014 um 13:38 schrieb David Herrmann: >>>> On Mon, Sep 15, 2014 at 1:20 PM, Reindl Harald <h.rei...@thelounge.net> >>>> wrote: >>>>> anybody an idea why? >>>> >>>> The syslog daemon couldn't keep up with reading the log-messages. You >>>> might wanna increase the syslog receive-queue in your syslog daemon or >>>> make sure you don't flush that many messages to it. >>> >>> i see that on any machine, even nearly idle ones >>> no idea where are "that many messages" below >>> >>> one reason more to keep the noise of informational >>> messages low (log-flood sessionmanager and so on) >>> >>> Sep 15 13:30:02 localhost sshd[5066]: Did not receive identification string >>> from *.*.*.* >>> Sep 15 13:34:45 localhost systemd-journal[4946]: Forwarding to syslog >>> missed 12 messages. >>> Sep 15 13:35:02 localhost sshd[5077]: Did not receive identification string >>> from *.*.*.* >>> Sep 15 13:36:06 localhost sshd[5085]: Accepted publickey for root from >>> *.*.*.* port 13108 ssh2 >>> Sep 15 13:36:06 localhost systemd-journal[4946]: Forwarding to syslog >>> missed 2 messages. >>> Sep 15 13:36:06 localhost systemd[1]: Starting Session 1458 of user root. >>> Sep 15 13:36:06 localhost systemd[1]: Started Session 1458 of user root. >>> Sep 15 13:36:06 localhost systemd-logind[384]: New session 1458 of user >>> root. >>> Sep 15 13:36:06 localhost sshd[5085]: pam_unix(sshd:session): session >>> opened for user root by (uid=0) >>> Sep 15 13:36:06 localhost sshd[5085]: Received disconnect from *.*.*.*: 11: >>> disconnected by user >>> Sep 15 13:36:06 localhost sshd[5085]: pam_unix(sshd:session): session >>> closed for user root >>> Sep 15 13:36:06 localhost systemd-logind[384]: Removed session 1458. >>> Sep 15 13:36:45 localhost sshd[5162]: Accepted publickey for root from >>> *.*.*.* port 13128 ssh2 >>> Sep 15 13:36:45 localhost systemd-journal[4946]: Forwarding to syslog >>> missed 8 messages. >> >> Can you compare the messages in journald with the syslog messages? >> It'd be interesting to see whether some messages are really dropped > > well, there are a lot of dropped intentionally by > ":msg, contains, "whatever" ~" and all wanted ones > are there - may journald whine because they are > ignored?
that's pretty sure the count of total loglines and not missed ones * that's why on idle machines not all 30 seconds because sometimes there are minutes with no log at all * well, and the inbound mailserver for sue does not miss some hundret lines every 30 seconds * another rsyslog rule: :msg, contains, "Forwarding to syslog missed" ~ Sep 15 14:19:23 localhost systemd-journal[5880]: Forwarding to syslog missed 211 messages. Sep 15 14:19:53 localhost systemd-journal[5880]: Forwarding to syslog missed 253 messages. Sep 15 14:20:24 localhost systemd-journal[5880]: Forwarding to syslog missed 503 messages.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel