Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Sun Nov 21, 2004 1:26 pm Post subject: Don't use metalog!!!
I was attracted to the "metalog is a logger with high performance" comment in the Gentoo install guide. I installed it on my new server and it ran just fine for several weeks - although there is definitely a lack of features compared to syslog-ng.
Anyway, suddenly out of the blue, with no modifications or anything, it started eating up all my resources! -- I checked "top", which took over 10 minutes to start up! And it wouldn't show any irregularity, so I did the windowy thing and restarted the machine. What do you know, it hung on startup!!!
Since the machine has no monitor or keyboard, I had to bring it upstairs and try to figure out what the fuck happened! -- it's been running for several weeks without being touched at all, and suddenly it fails. -- Naturally I assumed hardware and started changing over components.
It took me about 5 hours to figure out metalog was to blame, and my machine would freeze on startup until I did rc-update del metalog and rebooted without the rescue liveCD. Also, as soon as I would start metalog, my machine would start to lag terribly, but top still doesn't show metalog taking more than 2% cpu! -- so very strange.
Anyway, point is *DO NOT USE METALOG*!
syslog-ng offers all the features metalog does, has a much clearer syntax, supports logging of unmatched things rather than having to tell every single filter the same rules, and takes virtually no resources.
Here are my configurations for syslog-ng:
Code:
options { long_hostnames(off); sync(0); stats(43200); };
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
destination kernmsg { file("/var/log/kernel"); };
#destination console_all { file("/dev/tty12"); };
log { source(src); destination(messages); };
log { source(kernsrc); destination(kernmsg); };

forceflow2 Guru
Joined: 16 Apr 2003 Posts: 464 Location: South Carolina
Posted: Tue Nov 23, 2004 9:16 am
dunno, I've never had any problems with it
_________________
That rank under my username doesn't mean I know everything, it just means I ask a lot of questions.

Mit Apprentice
Joined: 13 Apr 2003 Posts: 260 Location: Under a rock.
Posted: Tue Nov 23, 2004 11:21 am
Never had any issues with metalog, it's running (and has been) on my server since I installed it, which would be now over 2 years (hardware isn't the same, but nm about that).
Sometimes it might be an idea to do some looking around before yelling that something isn't any use like that. I'm not saying there's never anything wrong with Metalog, but I'll bet more users have had no problems than have had problems with it.
_________________
Tim
Personal Site
FeedJuggler - RSS Made Easy
The TV Guide

ben_h Tux's lil' helper
Joined: 26 Nov 2002 Posts: 118 Location: Australia
Posted: Tue Nov 23, 2004 1:27 pm
It's your fault, not metalog's. I've run it for generations.

LordArthas Guru
Joined: 01 Nov 2004 Posts: 500 Location: Maniago, Friûl, Italia
Posted: Tue Nov 23, 2004 1:35 pm
Hi!
I'm running metalog as well, as per Gentoo AMD64 Handbook, and I have no problems.
Michele.

Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Tue Nov 23, 2004 2:53 pm
I also had no problems, then it suddenly fails. Can't figure out how or why. I haven't changed anything at all for 2 weeks.
In any case, why use metalog if it can just fuck over for no reason unexpectedly? -- Please explain how that is my fault.
Quote: | I'm not saying there's never anything wrong with Metalog |
There you go, metalog is just bad. Why would any logger ever have problems at all -- weeks after working properly!
Also, why use metalog if it only lacks features compared to syslog-ng -- check out their forum on sourceforge and see for yourself. You want simplicity, get syslog; you want features, get syslog-ng -- why get metalog? -- It makes no sense, stop making people fall victim to your poor recommendations.
Here is my metalog configuration that worked for weeks:
Code:
maxsize = 5242880
maxtime = 604800
maxfiles = 5
Firewall :
  facility = "kern"
  minimum = 6
  regex = "Shorewall"
  logdir = "/var/log/metalog/firewall"
Kernel messages :
  facility = "kern"
  logdir = "/var/log/metalog/kernel"
  neg_regex = "Shorewall"
Crond :
  facility = "cron"
  logdir = "/var/log/metalog/crond"
Password failures :
  regex = "(password|login|authentication)\s+(fail|invalid)"
  regex = "(failed|invalid)\s+(password|login|authentication)"
  regex = "ILLEGAL ROOT LOGIN"
  logdir = "/var/log/metalog/pwdfail"
FTP Server :
  program = "proftpd"
  logdir = "/var/log/metalog/ftpd"
SSH Server :
  program = "sshd"
  logdir = "/var/log/metalog/sshd"
Everything important :
  facility = "*"
  minimum = 6
  logdir = "/var/log/metalog/everything"
  neg_regex = "Shorewall"
Everything very important :
  facility = "*"
  minimum = 3
  logdir = "/var/log/metalog/critical"
console logging :
  facility = "*"
  command = "/usr/sbin/consolelog.sh"

Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Tue Nov 23, 2004 2:57 pm
From metalog's sourceforge page:
Code:
- Bugs ( 6 open / 6 total )
  Bug Tracking System
- Support Requests ( 0 open / 0 total )
  Tech Support Tracking System
- Patches ( 1 open / 1 total )
  Patch Tracking System
- Feature Requests ( 10 open / 10 total )
  Feature Request Tracking System
100% of reported bugs open, 100% of feature requests ignored, and even a submitted patch that is ignored.
*DO NOT USE METALOG*!

forceflow2 Guru
Joined: 16 Apr 2003 Posts: 464 Location: South Carolina
Posted: Tue Nov 23, 2004 7:56 pm
Sounds like one of the syslog-ng developers is getting jealous...
_________________
That rank under my username doesn't mean I know everything, it just means I ask a lot of questions.

Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Tue Nov 23, 2004 7:57 pm
forceflow2 wrote: | Sounds like one of the syslog-ng developers is getting jealous... |
lol, I'm not a syslog-ng dev -- I don't even know C (yet).

forceflow2 Guru
Joined: 16 Apr 2003 Posts: 464 Location: South Carolina
Posted: Tue Nov 23, 2004 8:00 pm
Ok...you could be a hired hand, sent forth to spread the evil of metalog.
_________________
That rank under my username doesn't mean I know everything, it just means I ask a lot of questions.

Mark Clegg Apprentice
Joined: 05 Jan 2004 Posts: 270 Location: ZZ9 Plural Z Alpha
Posted: Tue Nov 23, 2004 8:31 pm
I had the same - metalog fine for ages, then all of a sudden, all the CPU is taken. I'm on syslog-ng now - and it's fine.

Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Tue Nov 23, 2004 8:39 pm
Mark Clegg wrote: | I had the same - metalog fine for ages, then all of a sudden, all the CPU is taken. I'm on syslog-ng now - and it's fine. |
Thank you! -- glad I'm not alone here
Anyway, warning to anyone planning or currently using metalog. Can't stress it enough: Do not use metalog!

Redeeman l33t
Joined: 25 Sep 2003 Posts: 958 Location: Portugal
Posted: Tue Nov 23, 2004 9:49 pm
OMG!! DONT USE A COMPUTER!!!!!!!!
it works fine... for a long time..
but ALL OF A SUDDEN!!!! it goes insane!!!!!!
it breaks!!!!1 ohh dear god no!
the motherboard vendors ignores me when i say i dislike the grey color! NOOOOOOOOOOOOOO!!!!!!!!
and omg no ffs, when i suggest they redesign their print layout, i get ignored too!!!!!! and the worst is, they dont even wanna add my feature suggestion, which is support for both intel and amd cpu
FFFFFSSSSSSS STOP USE IT!!!!!!!!!!!!!!!!!!!!!!
<similar example with a car>
....

Irrumator n00b
Joined: 05 Mar 2004 Posts: 7
Posted: Tue Nov 23, 2004 9:50 pm
Yeah it does the same for me d00d!! what will we do??!?!onetwothree?
_________________
I give, you take, this life that I forsake
Been cheated of my youth, you turned this lie to truth
Anger, misery, you'll suffer unto me...

Redeeman l33t
Joined: 25 Sep 2003 Posts: 958 Location: Portugal
Posted: Tue Nov 23, 2004 9:52 pm
Irrumator wrote: | Yeah it does the same for me d00d!! what will we do??!?!onetwothree? |
dear god! im glad im not alone on this!
simply. DONT USE A COMPUTER!!!! move the bits in your head instead, a computer only lacks features!
in your head, you can imagine anything!!!oneone!!!1111!
and besides, when spoken of features!!! man invented computer!!!!!!11111111!!!!!1

Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Tue Nov 23, 2004 10:20 pm
Redeeman wrote: | Irrumator wrote: | Yeah it does the same for me d00d!! what will we do??!?!onetwothree? |
dear god! im glad im not alone on this!
simply. DONT USE A COMPUTER!!!! move the bits in your head instead, a computer only lacks features!
in your head, you can imagine anything!!!oneone!!!1111!
and besides, when spoken of features!!! man invented computer!!!!!!11111111!!!!!1 |
lol

ryker Guru
Joined: 28 May 2003 Posts: 412 Location: Portage, IN
Posted: Wed Nov 24, 2004 4:28 am
I have used syslog-ng in the past without problems. On my last firewall/router setup, I decided to try metalog because it was suggested in the Gentoo install instructions. I haven't had any problems with it, but now I am worried. I'm considering removing metalog and installing syslog-ng after reading this thread. Can anyone tell me why I might choose to stick with metalog instead of using syslog-ng?
_________________
Athlon 64 3200+, 80G WD sata hd + 200G IDE, 1G Geil DDR400, MSI K8T Neo
IntelCore2Duo 2.0Ghz MSI laptop,100G SATA hd, 2G RAM

Valhlalla Apprentice
Joined: 22 Sep 2003 Posts: 161 Location: Sydney, Australia.
Posted: Wed Nov 24, 2004 4:57 am
Because of the pathetic FUD campaign against it.
[edit] I'm not a real big fan of metalog, but it's been working with me for over a year. No reason to change.
_________________
Pork Chop Sandwiches, Oh Sh*t!

llsardonicll Tux's lil' helper
Joined: 07 Oct 2004 Posts: 110
Posted: Wed Nov 24, 2004 8:01 am
Almost sounds like mudslinging political propaganda... Metalog is for cancer!
Anyway, I use metalog and I've had no problems

Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Wed Nov 24, 2004 1:04 pm
ryker wrote: | I have used syslog-ng in the past without problems. On my last firewall/router setup, I decided to try metalog because it was suggested in the Gentoo install instructions. I haven't had any problems with it, but now I am worried. I'm considering removing metalog and installing syslog-ng after reading this thread. Can anyone tell me why I might choose to stick with metalog instead of using syslog-ng? |
If you would've asked me a week ago, I would be saying "your fault, works for me" or pointing out the excess level of emotion like Redeeman (nice one btw) or just dismissing it as FUD. The fact is many are not having problems with it, but you have 2 examples of it being able to take down a potential critical server.
Yes, I did present the problem like a petty child, but what would you say when it's the reason for 2 days' downtime of a critical server? - I had the feeling of finding the idiot that recommended metalog in the first place and beating the crap out of him -- instead, I used capitals and exclamation marks
The biggest problem with my experience is it failed after 2 weeks of working just fine, and I haven't touched the PC during that time. I posted my configs and I used the latest stable version with nothing masked or hardmasked on the system at all. There are no objections to my config, and even if someone analyses it and finds something potentially wrong (any takers?), why then did it work for 2 weeks?
Again, I can't stress enough there is no political or personal preference. I switched to syslog-ng strictly because metalog took down a critical server for a reason I'm yet to figure out, and I soon found out syslog-ng is superior in every aspect - Where are the politics? -- I don't work for syslog-ng, I don't know C, and I like the metalog community as they helped me with some problems on the forums.
After experiencing critical problems with it myself however, I found out while metalog is supposed to be a production level, stable piece of software, it has several experimental changes made to it on the CVS every so often with no QA and 100% of the reported bugs (some intermittent like mine) are just ignored. -- Certainly not something you want to have on a production server, and considering that syslog-ng no longer lacks features in comparison to metalog, I'm just giving a well substantiated warning to users and potential users of metalog.

waverider202 Tux's lil' helper
Joined: 25 Sep 2002 Posts: 146 Location: Drexel University
Posted: Wed Nov 24, 2004 6:07 pm Post subject: performance
metalog is a high performing syslog server. Why is it high performing? It's high performing because it buffers the log entries for a period of time. It does occasional flushes to your hard disk. This delayed hard disk activity makes metalog perform a lot better than any other system logger. This is why people use it.
As for a critical server.....you wouldn't want to use metalog. If something goes wrong and your box goes down, you wouldn't know what happened. With the other loggers, you'd know exactly what went wrong.
For metalog itself, did anyone try running a trace on the program to see why it was taking so many resources? I've had occurrences where X would randomly spin off into oblivion. I've had other software do the same thing from time to time. It sounds like this was a recurring event for the people that did have this issue, so what ways did you try to debug metalog itself?
Metalog doesn't get developed a lot, but how much does it need it? Yes, there are sporadic occurrences where the service spins out of control, but if a developer can't replicate the problem, then they can't do anything about it. As for feature requests....it's fast because it has no features. Its one feature that it has over every other logger increases performance at the expense of log integrity during a system crash.
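
The trade-off described in the post above, as an added example that is not part of the original thread and is not metalog's code: a constructed logger buffers messages in its own memory, flushes every N messages, and is killed mid-run, after which the script counts which lines actually reached the file. The flush interval, message text and file name are assumptions made for the demonstration.

```python
import os
import subprocess
import sys
import tempfile

# Constructed child "logger", not metalog code. It appends numbered messages
# through a 1 MiB in-process buffer, flushes every flush_every messages, then
# dies via os._exit(), which skips all cleanup: unflushed lines are gone.
LOGGER = r"""
import os, sys
path, flush_every, total = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
log = open(path, "ab", buffering=1 << 20)
for seq in range(1, total + 1):
    log.write(b"kern.crit constructed event seq=%d\n" % seq)
    if seq % flush_every == 0:
        log.flush()              # hand the buffered lines to the kernel
        os.fsync(log.fileno())   # and ask the kernel to commit them to disk
os._exit(1)                      # simulated crash: no flush, no close
"""


def surviving_lines(flush_every, total=200):
    """Run the logger until it dies and return the lines that reached the file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "everything.log")
        subprocess.run(
            [sys.executable, "-c", LOGGER, path, str(flush_every), str(total)],
            check=False,  # the non-zero exit status is the simulated crash
        )
        with open(path, "rb") as fh:
            return fh.read().splitlines()


def report(total=200):
    """Compare a write-through policy with a batched one: (kept, lost) each."""
    policies = (("sync every message", 1), ("flush every 64 messages", 64))
    results = {}
    for label, flush_every in policies:
        kept = len(surviving_lines(flush_every, total))
        results[label] = (kept, total - kept)
    return results


if __name__ == "__main__":
    for label, (kept, lost) in report().items():
        print(f"{label:26s} kept={kept:3d} lost={lost:3d}")
    tail = surviving_lines(64)[-1].decode()
    print("last line on disk with batching:", tail)
```

The lines that go missing are always the most recent ones, which are the ones leading up to the failure. In a whole-machine crash the same loss applies one layer down to data that was flushed but never fsync'd.
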

Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Wed Nov 24, 2004 7:02 pm Post subject: Re: performance
waverider202 wrote: | metalog is a high performing syslog server. Why is it high performing? It's high performing because it buffers the log entries for a period of time. It does occasional flushes to your hard disk. This delayed hard disk activity makes metalog perform a lot better than any other system logger. This is why people use it. |
The default configuration these days disables the buffer, and you can use a buffer with syslog-ng as well, and it has a lot more control like logging to a database, etc. In fact you can use any logger to log to tmpfs or memfs and occasionally flush so you can see what's going on in real time and still let the drive spin down.
And really, think about it.. If the machine is busy, metalog will access the drive every minute or so anyway. If the machine is not busy, you may get to see your critical messages only several days after the logger gets them (or never at all).
Quote: | As for a critical server.....you wouldn't want to use metalog. If something goes wrong and your box goes down, you wouldn't know what happened. With the other loggers, you'd know exactly what went wrong. |
First of all the default config now stops this, but really, if you want to use this behaviour you lose both the ability to debug a system crash and the ability to see logs in real time. Seems like about as much of a tradeoff as simply not having a logger at all.
Quote: | For metalog itself, did anyone try running a trace on the program to see why it was taking so many resources? I've had occurrences where X would randomly spin off into oblivion. I've had other software do the same thing from time to time. It sounds like this was a recurring event for the people that did have this issue, so what ways did you try to debug metalog itself? |
There is no X on that machine, and no I didn't try strace as the base system is compiled with -fomit-frame-pointer -- Who would've expected a critical bug in something as basic as a logger?
What I did do is disable the logger altogether with liveCD (after having to put a cdrom drive in the machine), at least then the machine booted. Then I simply started metalog with /etc/init.d/metalog start and my system started to lag badly until I stopped it. Nothing in logs, nor can anyone point to something wrong in my configs.
Quote: | Metalog doesn't get developed a lot, but how much does it need it? Yes, there are sporadic occurrences where the service spins out of control, but if a developer can't replicate the problem, then they can't do anything about it. As for feature requests....it's fast because it has no features. Its one feature that it has over every other logger increases performance at the expense of log integrity during a system crash. |
Ah, it's fast because it has less features? -- I agree to that, but that goes against the description in the install guide or portage: "A highly configurable replacement for syslogd/klogd"
Maybe that ought to be changed to "a stripped down performance logger with buffer".
Also, there are bug reports, some you can reproduce yourself, others give detail where things go wrong and what code is likely to blame. I suppose I could run strace and add yet another bug report.

forceflow2 Guru
Joined: 16 Apr 2003 Posts: 464 Location: South Carolina
Posted: Wed Nov 24, 2004 8:29 pm
OMFG BUGX0RS!!!
MY SOFTWARE ISN'T COMPLETELY INFALLIBLE?!?!?!?!?!? NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!
^^What your posts read as to me.
_________________
That rank under my username doesn't mean I know everything, it just means I ask a lot of questions.

Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
Posted: Wed Nov 24, 2004 9:20 pm
forceflow2 wrote: | OMFG BUGX0RS!!!
MY SOFTWARE ISN'T COMPLETELY INFALLIBLE?!?!?!?!?!? NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!
^^What your posts read as to me. |
Monkey see, monkey do. Redeeman already said that and then Irrumator repeated, now you.
I most certainly expect the system logger not to kill my system. But where did I say I expect it to be completely infallible?
Redeeman uses the most experimental kernel patches and uses all hard masked software -- so of course I expect him to break my balls about it, it's all in good fun.
I however use strictly software marked stable on this server and I do in fact expect rock stability from the software I use, or I wouldn't be using it. -- Various bugs are fine, but we are talking about a bug in the /logger/ that /kills/ the system, not a bug in a graphical toolkit that makes a box not always draw properly or a bug in application X that crashes if you do X -> Y -> Z..
You are using the Microsoft logic that if there are more bugs in linux software than in windows software it makes windows software better. It's not the amount, it's the severity.
I'm talking about something you set up and expect to work for a decade despite any bugs not worked out -- a bug fix is more likely to introduce more bugs than it fixes. Redeeman with his hourly kernel re-compiles isn't familiar with the concept -- and bless him, let him find bugs in bleeding edge software - who knows, he may find a security bug that applies to my version as well.
Now, if you are one of those infamous ricers, you are accustomed to instability in software marked stable, and think it's normal. You may not understand this, and not much I can do but point you to http://funroll-loops.org/ -- but I do expect stability like most linux users.

forceflow2 Guru
Joined: 16 Apr 2003 Posts: 464 Location: South Carolina
Posted: Wed Nov 24, 2004 9:53 pm
I like monkeys
Oh...also, I run the unstable arch (~x86) and haven't had many show stopper problems like what you describe...anyways...this topic was moot from the beginning.
_________________
That rank under my username doesn't mean I know everything, it just means I ask a lot of questions.