How do you know messages are dropped?

On Apr 22, 2013 4:24 PM, "Davide D'Amico" <davide.damico@gmail.com> wrote:
Hi, I'm using syslog-ng OSE 3.3.8 on a FreeBSD 9.1 amd64 box on a centralized server (DELL R610, 32GB ram, ZFS with compressed filesystem) and 150 servers with syslog-ng that logs locally and send remotely their logs stream to the centralized syslog-ng.
Sometime I see packets dropped, so I think I'm missing something on its configuration.

That's what I'm using:
- generic server:
@version: 3.3

options {
  perm(0644);
  dir_perm(0750);
  create_dirs(yes);
  group (logs);
  dir_group (logs);
  log_fifo_size(10000);
  use_fqdn(yes);
  keep_hostname(yes);
  chain_hostnames(no);
  stats_freq(3600);
};

source s_local {
  unix-dgram("/var/run/log");
  unix-dgram("/var/run/logpriv" perm(0600));
  internal();
  file("/dev/klog");
};

destination d_local {
  file("/var/log/syslog-ng/$YEAR/$MONTH/$DAY/$FACILITY.log");
};

destination d_remote {
  tcp("10.0.0.9" port(514));
};

log {
  source(s_local);
  destination(d_local);
  destination(d_remote);
};

- centralized log server:
@version: 3.3

options {
  perm(0644);
  dir_perm(0755);
  create_dirs(yes);
  group (logs);
  dir_group (logs);
  use_fqdn(yes);
  keep_hostname(yes);
  chain_hostnames(no);
  stats_freq(120);
  log_fifo_size(10000);
  frac_digits(3);
};

source s_local { 
  unix-dgram("/var/run/log" max_connections(20));
  unix-dgram("/var/run/logpriv" perm(0600) max_connections(20));
  internal();
  file("/dev/klog");
};

filter f_localhost {
  netmask( "127.0.0.1" );
};

filter f_network6 {
  netmask( "172.16.6.0/255.255.255.0" );
};

destination d_local { 
  file("/tank/syslog/custom/localhost/$YEAR/$MONTH/$DAY/$FACILITY.log");
};

source s_network {
        udp(ip("10.0.0.9") so_rcvbuf(16777216));
        tcp(ip("10.0.0.9") port(514) log_fetch_limit(100) max_connections(200) log_iw_size(20000) so_rcvbuf(16777216));
};

filter f_www_host { 
  host("www1.domain.lan") or host("www2.domain.lan") or host("www3.domain.lan");
};

[...]

filter f_www_fac {
  facility(local6);
};

[...]

destination d_www { 
  file("/tank/syslog-ng/custom/www/$YEAR/$MONTH/$DAY/$FACILITY.log");
};

[...]

log {
  source(s_network);
  filter(f_www_host);
  filter(f_www_fac);
  destination(d_www);
};

 
Thanks,
--
d.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq