We are using syslog-ng in a test lab environment to get syslog messages out of
the testlab into another environment. So several systems are forwarding
messages to a bastion host of sorts, which then forwards by traversing a
firewall to another host. The messages have to traverse a firewall (NAT). We
decided to use TCP because it is a bit easier to get past the security guys.
We have noticed behavior which is the nature of TCP: several (lines) of a
syslog message ending up in the same packet (using a sniffer). Although
interesting, this is not the problem. We have noticed that some messages are
getting lost. So the questions:
a) Can we change something to have one message per packet with syslog-ng
   settings?
b) Has anyone else seen this behavior (or is anyone even using TCP)?
c) Any other clues as to why a TCP session that is stable would drop packets?
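
TCP carries syslog as a byte stream, so the packets seen in a sniffer do not line up with messages; a receiver separates messages on the trailing newline. The sketch below is an added example, not part of the original post, and assumes newline-terminated messages; the class and function names and the sample data are constructed.

```python
# Added illustration, not from the original post. Names are hypothetical and
# the messages and segment boundaries below are constructed sample data.

class SyslogStreamFramer:
    """Recover newline-terminated syslog messages from TCP payloads."""

    def __init__(self):
        self.buf = bytearray()  # tail of a message whose newline has not arrived

    def feed(self, payload):
        """Accept the bytes of one recv() and return the messages it completes."""
        self.buf += payload
        *lines, rest = bytes(self.buf).split(b"\n")
        self.buf = bytearray(rest)
        return [l.rstrip(b"\r").decode("utf-8", "replace")
                for l in lines if l.strip()]

    def pending(self):
        """Bytes still waiting for a newline; non-zero at close means truncation."""
        return len(self.buf)


def trace(segments):
    """Return (messages completed per segment, all messages, bytes left over)."""
    framer, counts, messages = SyslogStreamFramer(), [], []
    for seg in segments:
        done = framer.feed(seg)
        counts.append(len(done))
        messages.extend(done)
    return counts, messages, framer.pending()


# Constructed capture: three messages spread over three unaligned segments.
SENT = [
    "<13>Jan  1 00:00:01 lab1 app: first",
    "<13>Jan  1 00:00:02 lab1 app: second",
    "<13>Jan  1 00:00:03 lab2 app: third",
]
STREAM = "".join(m + "\n" for m in SENT).encode()
SEGMENTS = [STREAM[:50], STREAM[50:60], STREAM[60:]]

if __name__ == "__main__":
    counts, messages, left = trace(SEGMENTS)
    print("messages completed per segment:", counts)
    print("messages recovered:", len(messages), "leftover bytes:", left)
```

Counting reassembled messages at each hop, rather than packets, gives numbers that can be compared with what the senders emitted.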