Subject: syslog loses log entries, if heavily loaded.
To: None <netbsd-help@NetBSD.org>
From: Bernd Salbrechter <salb@hell.gud.siemens.at>
List: netbsd-help
Date: 05/29/2001 13:37:53
Hi all!

I have a strange problem with syslog. If I produce many syslog entries
in a short time, some get lost. I will append a program to test this. You
have to pass 1000, or better 10000, as argv[1] (the number of log entries
written in sequence) to see the problem on an "Intel Pentium (P54C)
(586-class)".

Yes, I know that it is not nice to syslog so many entries in such a short
time, but wouldn't this be a way for a hacker to obscure his traces?

Sorry, I am not familiar with the detailed data flow in this case, but the
effect may come from using a UNIX domain datagram socket to transfer log
entries to syslog. If so, is there a cheap way to spend more resources on
that, so that the problem does not occur so frequently? I know that this would
not be a secure solution, but it can help us debugging (yes, some colleagues
used syslog to trace the program execution ;-).

Regards
Bernd

The Test Program:

#include <stdlib.h>   /* atoi() */
#include <syslog.h>   /* syslog(), LOG_DEBUG, LOG_LOCAL0 */

int
main(
    int argc,
    char ** argv)
{
  /* Number of log entries to write; nothing is logged if argv[1] is missing. */
  int cnt = (argc > 1) ? atoi(argv[1]) : 0;
  char * filler =
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

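  /* Override the long filler with an empty string (short messages). */
  filler = "";

  /* Write cnt entries back to back; the counter in each message counts down. */
  while (cnt > 0)
  {
    syslog(LOG_DEBUG|LOG_LOCAL0, "msg nr from c (%s) %d", filler, cnt--);
  }

  return 0;
}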
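
A gap check for the output of the test program above, added here as an example and not part of the original post: it scans log text for the "msg nr from c" entries and reports how many counter values never arrived and which was lost first. The function name count_missing and the sample log lines (timestamp, host name, program tag) are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Prefix produced by the test program's format "msg nr from c (%s) %d". */
#define MARKER "msg nr from c ("

/* Constructed sample: 5 entries were sent (5..1); entries 4 and 2 are absent. */
static const char SAMPLE_LOG[] =
    "May 29 13:37:53 host logtest: msg nr from c () 5\n"
    "May 29 13:37:53 host logtest: msg nr from c () 3\n"
    "May 29 13:37:53 host logtest: msg nr from c () 1\n";

/* Count the numbers 1..total that never appear in the log text; -1 on error.
 * *first_lost (optional) receives the highest missing number, which is the
 * first entry lost because the test program counts down; 0 if none missing. */
int count_missing(const char *log, int total, int *first_lost)
{
    unsigned char *seen;
    const char *p = log;
    int n, missing = 0;

    if (first_lost) *first_lost = 0;
    if (log == NULL || total < 0) return -1;
    if ((seen = calloc((size_t)total + 1, 1)) == NULL) return -1;
    while ((p = strstr(p, MARKER)) != NULL) {
        const char *close = strchr(p + strlen(MARKER), ')');
        if (close == NULL) break;                 /* truncated final line */
        if (close[1] == ' ' && isdigit((unsigned char)close[2])) {
            long v = strtol(close + 2, NULL, 10);
            if (v >= 1 && v <= total) seen[v] = 1;
        }
        p = close + 1;
    }
    for (n = total; n >= 1; n--) {
        if (seen[n]) continue;
        if (missing++ == 0 && first_lost) *first_lost = n;
    }
    free(seen);
    return missing;
}

int main(void)
{
    int first = 0, lost = count_missing(SAMPLE_LOG, 5, &first);
    printf("lost %d of 5 entries, first lost: %d\n", lost, first);
    return 0;
}
```

To use it on a real run, read the file that receives local0.debug messages into a buffer and pass the same count that was given to the test program as argv[1].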