I was looking for information on the behavior of the standard logd in OpenWRT when I have defined a remote syslog server and the connection gets lost -> e.g. the remote syslog server is on a OpenVPN connection via WAN.
What happens to the messages that gets reported to logd during the connection to the remote syslog server is lost? It looks like this messages never get delivered and are lost 
Is there a way to circumvent this problem with logd or would I need to switch to syslog-ng or another syslog daemon for more options on the behaviour?
If you use UDP then it only send the message once but no one will ever know if anyone listened and received the message.
If you use TCP the message will be delivered to the receiver and confirmed.
But using a VPN to logserver can be a problem itself because the tunnel must always every second be alive 24/7 and can never ever be turned off.
thanks @flygarn12
Good point with using TCP instead of UDP.
Is there any "queue" where the message will be queued if the connection to the remote server is interrupted and then retried after the connection is established again? I know that syslog-ng has such a behavior.
I will make some tests with logd and UDP vs. TCP etc.
My experience with TCP is yes, once the server is online again after a server reboot all buffered messages will be delivered to the server.
But of course it will be limitations for this and you can’t turn off the server for a couple of days and expect a week of message buffer to survive.
You also must take note what actual timestamp the message have if it is the received time or registered time or some other time?
1 Like
Thanks @flygarn12 I haven't checked the timestamps yet, but the TCP buffering is already helping me a lot 
1 Like
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.