Naveen,

 

Need some additional information to help. How many messages per sec are arriving at your NG server? Can you post the section of the syslog-ng.conf file showing your sources?

 

Regards,

 

Mark Schoonover – KA6WKE - Infrastructure Engineering Manager     

ENE   : Tools, Instrumentation and Common Services Team

Office: 32.8697° N, 116.9711° W - Phone : 770-261-7934 - Email : mark.schoonover@cigna.com

HPSM Team: ENE NMS Engineering


 

From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Naveen Bhalla (nbhalla)
Sent: Friday, April 13, 2018 10:43 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng] Support for Open Source Syslog-ng

 

Team,

    Could you please help us with the P1 situation below?

 

 

 

Regards,

 


Naveen Bhalla | Manager.Technical Support

CMS Platform Operations

 

Cell:  +91-9880362157

Desk: +91-80-44260795

 

From: Naveen Bhalla (nbhalla)
Sent: 13 April 2018 09:14 PM
To: 'support@balabit.com' <support@balabit.com>
Subject: Support for Open Source Syslog-ng

 

Hello Support Team,

     We have a situation in our platform where syslog-ng is dropping part of the syslog traffic coming into our server. syslog-ng has around 750 match rules in its configuration. Based on these rules, the syslogs are forwarded to the destinations. Also, there is one rule to write all the received syslogs to disk. We are receiving syslogs at the rate of 300 eps.

The issue is that we are seeing that syslog-ng is not able to process the syslogs and forward them to the destinations. It is also not writing to the disk. We are seeing that there is a big delay, after which some syslogs are written to the disk. We are seeing loss of UDP packets. The UDP buffer size is big enough.

 

net.ipv4.tcp_rmem = 4096 4194304 16777216
net.ipv4.tcp_wmem = 98304 4194304 16777216
net.core.rmem_default = 234217728
net.core.wmem_default = 234217728
net.core.rmem_max = 234217728
net.core.wmem_max = 234217728
net.ipv4.tcp_window_scaling = 1
net.ipv4.ip_local_port_range = 32768 61000
fs.file-max = 2097152
net.core.optmem_max = 40960
net.core.netdev_max_backlog = 50000
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192

 

We need help to resolve this issue.

 

 

We are using open-source syslog-ng in our setup.

 

 

 

Regards,

 


Naveen Bhalla | Manager.Technical Support

CMS Platform Operations

 

Cell:  +91-9880362157

Desk: +91-80-44260795

 

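Added example (not part of the thread and not syslog-ng project code): the original message reports UDP loss even with large socket buffers, and the kernel's own counters show whether datagrams are being discarded at the listener's socket. The code below parses /proc/net/snmp and /proc/net/udp on Linux; the embedded samples are constructed, and port 514 and the verdict strings are assumptions.

```python
# Added example: find kernel-side UDP drops for a syslog listener (Linux).
# Both samples are constructed for illustration; they are not from the thread.
SAMPLE_SNMP = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 1250000 12 48210 900 48200 0 10 0
"""
# /proc/net/udp: port is hex (0x0202 = 514), rx_queue is hex, drops is decimal.
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0202 00000000:0000 07 00000000:00100000 00:00000000 00000000     0        0 23456 2 0000000000000000 48200
  102: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
"""

def udp_counters(snmp_text):
    """Pair the 'Udp:' header row of /proc/net/snmp with its value row."""
    rows = [line.split()[1:] for line in snmp_text.splitlines()
            if line.startswith("Udp:")]
    return dict(zip(rows[0], map(int, rows[1])))

def socket_stats(udp_text, port):
    """Return [(rx_queue_bytes, drops)] for every socket bound to `port`."""
    stats = []
    for line in udp_text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 13 and int(f[1].split(":")[1], 16) == port:
            stats.append((int(f[4].split(":")[1], 16), int(f[12])))
    return stats

def diagnose(snmp_text, udp_text, port=514):
    """Classify where datagrams are being lost (verdict names are hypothetical)."""
    counters = udp_counters(snmp_text)
    drops = sum(d for _, d in socket_stats(udp_text, port))
    if drops or counters.get("RcvbufErrors", 0):
        # The socket buffer filled up: the listener is not reading fast enough.
        return "socket-buffer-overflow"
    if counters.get("InErrors", 0):
        return "other-input-errors"   # e.g. checksum failures
    return "no-kernel-drops"          # loss is upstream or inside the daemon

if __name__ == "__main__":
    with open("/proc/net/snmp") as s, open("/proc/net/udp") as u:
        print(diagnose(s.read(), u.read()))
```

The counters are cumulative since boot, so compare two runs a few seconds apart; values that grow between runs indicate ongoing loss.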