On Fri, Oct 15, 2010 at 05:01:27PM -0400, Lars Kellogg-Stedman wrote:
file. What network adapter and Ethernet driver does the machine use?
This is a Dell R610, which reports:
Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
The kernel is using the "bnx2" driver. There doesn't appear to be a problem getting packets from the network to a user space program like awk or netcat.
Yeah I understand that they seem to be getting to user space OK. But in past work I have seen different Ethernet adapters which caused stack misbehavior because their drivers were bad. So I wanted to be sure you were not running one of the adapters which had caused problems for me when I used to work on a Linux based firewall appliance.
Which operating system?
Linux (CentOS 5.5).
OK. RHEL 5 is kind of ancient unfortunately. I've seen it cause problems for me before. Is there any possibility to try Ubuntu 10.04 LTS or something else to help narrow down the problem, or do some sort of profiling?
Trying various values for log_fetch_limit() didn't appear to have much impact on things, but absent some guidance on what would constitute sensible numbers I was sort of flailing around.
Fair enough.
Can you profile syslog-ng using oprofile or the various built in profiling and debugging options in its configure script? Can you check if the CFLAGS look good?
I'm using the binary packages from balabit.com. If these aren't optimally built, I'm looking at the wrong product.
Not every build can be optimal for every situation. This is open source. If it doesn't work, then you are going to have to help do some of the troubleshooting, unless you feel like buying a support contract. There are some dedicated people here who want to help but you have to work with us too. Matthew.