I'm using syslogd (package sysklogd) on Ubuntu VBox vm for logging messages from remote host: VBox vm Windows xp java application with log4j syslog appender. I send 10 messages with timeout 100 milliseconds, all ok, but syslogd writes them into log file very slow, 1 record in 5 seconds. I used wireshark on both virtual machines, all udp packages go without any timeout, so problem in syslog.
May 17 17:05:09 192.168.130.198 16:57:48,055 ...| Test message ¹0
May 17 17:05:14 192.168.130.198 16:57:48,155 ...| Test message ¹1
May 17 17:05:19 192.168.130.198 16:57:48,255 ...| Test message ¹2
All other messages seems to be cached by syslog.
Question:
How can I eliminate this delay? I'm going to write log messages from cluster of application servers into one log file. Does syslog able to process 500-1000 udp log messages in second?
Just stumbled upon this question after exactly the same problem, and subsequently found that it was due to delay and failure in reverse DNS lookup by the log server.
For sysklogd, a quick fix (without setting up a DNS server for internal network) which worked for me was adding an entry, e.g.
192.168.130.198 any-hostname
in /etc/hosts.