On Fri, 2012-03-02 at 08:59 -0600, Martin Holste wrote:
If possible, I would try swapping the $HOST macro for $SOURCEIP to avoid doing any DNS lookups, cached or not. It's unlikely to help, but it sounds like you've already tried the basic tuning things. I will say that I'm very surprised you're losing log lines. What is your peak logs per second, and how long are the peaks?
syslog-ng _always_ resolves names if use_dns() is enabled, regardless of the macros used later. This is because it is one of the first things that syslog-ng does after receiving a message, much earlier than actually producing an output, which possibly includes $HOST. Anyway, DNS lookups are cached, and that should cover the most obvious performance problems with DNS. -- Bazsi