<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Helvetica Neue";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.p1, li.p1, div.p1
{mso-style-name:p1;
margin:0in;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:"Helvetica",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F4E79;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;
font-weight:normal;
font-style:normal;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;
font-weight:normal;
font-style:normal;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Naveen,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Need some additional information to help. How many messages per sec are arriving at your NG server? Can you post the section of the syslog-ng.conf file showing your sources?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:Consolas;color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas;color:#1F497D">Mark Schoonover – KA6WKE - Infrastructure Engineering Manager
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas;color:#1F497D">ENE : Tools, Instrumentation and Common Services Team<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Consolas;color:#1F497D">Office: 32.8697° N, 116.9711° W - Phone : 770-261-7934 - Email :
<a href="mailto:mark.schoonover@cigna.com"><span style="color:#0563C1">mark.schoonover@cigna.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D">HPSM Team: ENE NMS Engineering<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D"> </span></b><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D"><img border="0" width="96" height="61" id="Picture_x0020_1" src="cid:image002.png@01D3D32E.58B06D30" alt="vet"><o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#444444">Confidential, unpublished property of Cigna. Do not duplicate or distribute. Use and distribution limited solely to authorized personnel. © Copyright 2018
Cigna.</span></i><span style="font-family:Consolas;color:#1F497D"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu]
<b>On Behalf Of </b>Naveen Bhalla (nbhalla)<br>
<b>Sent:</b> Friday, April 13, 2018 10:43 AM<br>
<b>To:</b> syslog-ng@lists.balabit.hu<br>
<b>Subject:</b> Re: [syslog-ng] Support for Open Source Syslog-ng<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F497D">Team,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F497D"> Could you pls help us on below P1 situation for us?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:13.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F497D"><img border="0" width="110" height="73" id="_x0000_i1025" src="cid:image003.png@01D3D32E.58B06D30" alt="http://wwwin.cisco.com/c/dam/cec/organizations/gmcc/services-tools/signaturetool/images/logo/logo_gradient.png"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:#1F3864">Naveen Bhalla</span></b><span style="font-size:12.0pt;color:#1F3864"> |
</span><span style="font-size:10.0pt;color:#1F3864">Manager.Technical Support</span><span style="font-size:12.0pt;color:#1F3864"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">CMS Platform Operations<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">Cell: +91-9880362157<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">Desk: +91-80-44260795<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Naveen Bhalla (nbhalla) <br>
<b>Sent:</b> 13 April 2018 09:14 PM<br>
<b>To:</b> 'support@balabit.com' <<a href="mailto:support@balabit.com">support@balabit.com</a>><br>
<b>Subject:</b> Support for Open Source Syslog-ng<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">Hello Support Team,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79"> We have a situation in our platform where syslog-ng is dropping part of syslog traffic coming into our server. The syslog-ng has around 750 match rules in its configuration. Based on these
rules the syslogs are forwarded to the destinations. Also, there is one rule to write all the received syslogs to disk. We are receiving syslogs at the rate of 300 eps.
<o:p></o:p></span></p>
<p class="p1"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:#1F4E79"><o:p> </o:p></span></p>
<p class="p1"><span style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:#1F4E79">The issue is that we are seeing that syslog-ng is not able to process the syslogs and forward them to the destinations. It is not writing to the disk also. We are seeing
that there is a big delay after which some syslogs are getting written to the disk. We are seeing loss of UDP packets. The UDP buffer size is big enough.<o:p></o:p></span></p>
<p class="p1"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.ipv4.tcp_rmem = 4096 4194304 16777216<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.ipv4.tcp_wmem = 98304 4194304 16777216<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.core.rmem_default = 234217728<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.core.wmem_default = 234217728<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.core.rmem_max = 234217728<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.core.wmem_max = 234217728<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.ipv4.tcp_window_scaling = 1<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.ipv4.ip_local_port_range = 32768 61000<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">fs.file-max = 2097152<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.core.optmem_max = 40960<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.core.netdev_max_backlog = 50000<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.ipv4.udp_rmem_min = 8192<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:9.0pt;background:#F1F1F1"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:#333333">net.ipv4.udp_wmem_min = 8192<o:p></o:p></span></p>
<p class="p1"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">We need help to resolve this issue.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79">We are using open-source syslog-ng in our setup.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F4E79"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:13.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F497D"><img border="0" width="110" height="73" id="Picture_x0020_4" src="cid:image003.png@01D3D32E.58B06D30" alt="http://wwwin.cisco.com/c/dam/cec/organizations/gmcc/services-tools/signaturetool/images/logo/logo_gradient.png"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:#1F3864">Naveen Bhalla</span></b><span style="font-size:12.0pt;color:#1F3864"> |
</span><span style="font-size:10.0pt;color:#1F3864">Manager.Technical Support</span><span style="font-size:12.0pt;color:#1F3864"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">CMS Platform Operations<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">Cell: +91-9880362157<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">Desk: +91-80-44260795<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<P>------------------------------------------------------------------------------<br>CONFIDENTIALITY NOTICE: If you have received this email in error,<br>please immediately notify the sender by e-mail at the address shown. <br>This email transmission may contain confidential information. This <br>information is intended only for the use of the individual(s) or entity to <br>whom it is intended even if addressed incorrectly. Please delete it from <br>your files if you are not the intended recipient. Thank you for your <br>compliance. Copyright (c) 2018 Cigna<br>==============================================================================</P></body>
</html>