On Wed, Apr 15, 2015 at 4:35 PM, Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
On Wed, Apr 15, 2015 at 11:16 AM, Andrew Bell <abell@factset.com> wrote:
Also would like to throw out that I am open to using strace or some other debug hook program to figure out the cause here if that would help better, just would like a pointer as to how I would go about using it to identify dropped logs.
I wrote a small perl program (attached) to query syslog-ng-ctl and netstat to see buffer sizes and thus identify if logs are being dropped.
It loops forever and once a second (or defined interval) it runs:
syslog-ng-ctl to get the UDP messages processed syslog-ng-ctl to get the TLS (TCP) messages processed netstat to get the UDP errors netstat to get the UDP packets received
It then prints out the rate of change of those four values and you can see if the "graph" is plateauing - which for the logs processed indicates some sort of bottleneck - or if there are peaks and valleys which indicate syslog-ng is able to handle the load.
-m
Fantastic work Matt ... I am testing your script in a syslog-ng collector server: Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 2, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 2, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 Rate of UDP packet RX: 0, Rate of UDP packet RX errors: 0 .. and only shows me UDP stats. What about TCP stats?? I am receiving logs via TCP in this host ...