How do you know messages are dropped? On Apr 22, 2013 4:24 PM, "Davide D'Amico" <davide.damico@gmail.com> wrote:
Hi, I'm using syslog-ng OSE 3.3.8 on a FreeBSD 9.1 amd64 box on a centralized server (DELL R610, 32GB ram, ZFS with compressed filesystem) and 150 servers with syslog-ng that logs locally and send remotely their logs stream to the centralized syslog-ng. Sometime I see packets dropped, so I think I'm missing something on its configuration.
That's what I'm using: - generic server: @version: 3.3
options { perm(0644); dir_perm(0750); create_dirs(yes); group (logs); dir_group (logs); log_fifo_size(10000); use_fqdn(yes); keep_hostname(yes); chain_hostnames(no); stats_freq(3600); };
source s_local { unix-dgram("/var/run/log"); unix-dgram("/var/run/logpriv" perm(0600)); internal(); file("/dev/klog"); };
destination d_local { file("/var/log/syslog-ng/$YEAR/$MONTH/$DAY/$FACILITY.log"); };
destination d_remote { tcp("10.0.0.9" port(514)); };
log { source(s_local); destination(d_local); destination(d_remote); };
- centralized log server: @version: 3.3
options { perm(0644); dir_perm(0755); create_dirs(yes); group (logs); dir_group (logs); use_fqdn(yes); keep_hostname(yes); chain_hostnames(no); stats_freq(120); log_fifo_size(10000); frac_digits(3); };
source s_local { unix-dgram("/var/run/log" max_connections(20)); unix-dgram("/var/run/logpriv" perm(0600) max_connections(20)); internal(); file("/dev/klog"); };
filter f_localhost { netmask( "127.0.0.1" ); };
filter f_network6 { netmask( "172.16.6.0/255.255.255.0" ); };
destination d_local { file("/tank/syslog/custom/localhost/$YEAR/$MONTH/$DAY/$FACILITY.log"); };
source s_network { udp(ip("10.0.0.9") so_rcvbuf(16777216)); tcp(ip("10.0.0.9") port(514) log_fetch_limit(100) max_connections(200) log_iw_size(20000) so_rcvbuf(16777216)); };
filter f_www_host { host("www1.domain.lan") or host("www2.domain.lan") or host("www3.domain.lan"); };
[...]
filter f_www_fac { facility(local6); };
[...]
destination d_www { file("/tank/syslog-ng/custom/www/$YEAR/$MONTH/$DAY/$FACILITY.log"); };
[...]
log { source(s_network); filter(f_www_host); filter(f_www_fac); destination(d_www); };
Thanks, -- d.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq