[syslog-ng]Dropping entries.

[Scott A. McIntyre]

Hi,

I'm trying to use syslog-ng as a syslog sink for a number of boxes, but
I've found that something in the chain is dropping some number of the
syslog events.

Specifically, I've got 10 mail servers all logging their sendmail's into
one file on the syslog sink -- much easier to parse this way.
Unfortunately, I've discovered that a number of entries were logged on
the local box were dropped somewhere on their way to the Big Log file on
the syslog-ng machine.

Is there anything I can try to make sure this doesn't happen? Any
options I can tweak, that sort of thing.  Would logging to individual
files on a host by host basis be better, coupled with sylog-ng
monitoring those local files to concatenate them all into one larger
file?

It may very well be a case of UDP getting lost on a busy network, but
I'd like to do everything I can on the syslog-ng side first.

Thanks,

Scott