delayed log rotation during heavy logging volume #738
Comments
|
When this happens, are you logs also behind? Like the logger rotating 38 minutes late, was the log for the particular log type that rotated late actually writing out logs that were 38 minutes behind too? |
|
Yes, we also see noticeable lag in the logs (indicated by the write_ts value in JSON as well as the bulk of the timestamps in the ts field for otherwise very short connections). |
|
That sounds like general overload then, as everything seems to be behind. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When Zeek is under heavy logging volume, I have noticed logs do not rotate at the set time. We rotate every 15 minutes, but sometimes see logs rotate a few minutes late, or 30+ minutes late. While testing pooled loggers, I noticed one logger instance rotated logs 38 minutes late (thus missing two expected log rotation cycles) and the other instance didn't rotate after an hour.
This has happened across a number of versions. There are no errors in reporter.log or std*.log.
The text was updated successfully, but these errors were encountered: