Using the NFS network file system can lead to problems if NFS connection is not stable, therefore One Identity does neither recommend nor officially support such scenarios. If you can avoid it, do not store log files on NFS. If the NFS connection is stable and reliable, syslog-ng PE can read and write files on mounted NFS partitions as a normal file source or destination. Read this section carefully before using syslog-ng PE and NFS-mounted log files.
If there is any issue with the NFS connection (for example, connection loss, the NFS server stops), syslog-ng PE can stop working. These NFS issues can be related to the operating system, and can also vary depending on its patch level and kernel version. The possible effects include the following:
-
syslog-ng PE freezes, does not respond, does not process logs, is unable to stop or reload, and you can stop it only using the kill -9 command
-
syslog-ng PE is not able to start, and hangs during startup
-
Message loss or message duplication
-
Message becomes corrupt (it is not lost, but the message or some parts of it contain garbage)
-
When using the
logstore()
destination, the logstore file becomes corrupt -
On some RHEL-based systems (possibly depending on the kernel version too), NFS returns NULL characters when reading a file that another process is writing at the very same moment.
-
Do not use the
logstore()
destination to store files on an NFS-mounted partition -
To use wildcards in the file source if your log files are on an NFS file system, set the
force-directory-polling()
option toyes
to detect newly created files. Note that wildcard file sources are available only in syslog-ng PE version 6.0.3 and newer versions of the 6.x branch, and are not yet available in syslog-ng PE version 7. -
Since One Identity does not officially support scenarios where you use syslog-ng PE together with NFS, One Identity will handle support requests and bugs related to such scenarios only if you can reproduce the issue independently from NFS.
If you cannot avoid using NFS with syslog-ng PE note the following points.
-
USE at least NFS v4 (or newer if available)
-
USE the soft mount option (
-o soft
) to mount the partition -
USE the TCP mount option (
-o tcp
) to mount the partition -
DO NOT install syslog-ng PE on an NFS-mounted partition
-
DO NOT store the runtime files (for example, the configuration or the persist file) of syslog-ng PE on an NFS-mounted partition
-
DO NOT use logstore on an NFS-mounted partition, it can easily become corrupted