Environment:
Under Linux
1. Central log-collecting server: syslog-ng
2. Clients: syslog, sending logs to the central log-collecting server.
The syslog-ng server configuration:

options { use_dns(no); create_dirs(yes); ts_format(iso); };
source src { udp(ip(

filter f_kern { facility(kern); };
filter f_authpriv { facility(auth,authpriv); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_boot { facility(local7); };
filter f_spooler { facility(uucp, news) and level(crit..emerg); };
filter f_messages { level(info..emerg) and not facility(authpriv, cron, mail); };

destination kern { file("/home/syslog-ng/$YEAR/$HOST/kernel-$MONTH"); };
destination authpriv { file("/home/syslog-ng/$YEAR/$HOST/secure-$MONTH"); };
destination mail { file("/home/syslog-ng/$YEAR/$HOST/maillog-$MONTH"); };
destination cron { file("/home/syslog-ng/$YEAR/$HOST/cron-$MONTH"); };
destination boot { file("/home/syslog-ng/$YEAR/$HOST/boot.log-$MONTH"); };
destination spooler { file("/home/syslog-ng/$YEAR/$HOST/spooler-$MONTH"); };
destination messages { file("/home/syslog-ng/$YEAR/$HOST/messages-$MONTH"); };

log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_authpriv); destination(authpriv); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_boot); destination(boot); };
log { source(src); filter(f_spooler); destination(spooler); };
log { source(src); filter(f_messages); destination(messages); };
QUESTION:
I used syslog-ng to collect logs from about 1000 clients, while there are many
UDP packet receive errors:

# netstat -su
Udp:
    41200545 packets received
    0 packets to unknown port received.
    410733273 packet receive errors
    21311935 packets sent

I think it means many logs sent by the clients
are not received by syslog-ng successfully.
How can I resolve this problem?
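The Udp counters quoted above are cumulative since boot, so a single reading does not show whether datagrams are still being lost. The following is an added example, not part of the original post: it parses the Udp section of `netstat -su` output and compares two snapshots. The helper names (`parse_udp`, `loss_ratio`, `delta`) are hypothetical, `FIRST` uses the numbers from the post, and `SECOND` is a constructed later snapshot.

```python
import re

# A counter line in `netstat -su`, e.g. "    410733273 packet receive errors"
_LINE = re.compile(r"^\s*(\d+)\s+(.+?)\.?\s*$")
_KEYS = {
    "packets received": "received",
    "packets to unknown port received": "no_port",
    "packet receive errors": "errors",
    "packets sent": "sent",
}

def parse_udp(text):
    """Return the counters of the 'Udp:' section as a dict of ints."""
    counters, in_udp = {}, False
    for line in text.splitlines():
        # Section headers ("Udp:", "Tcp:", "UdpLite:") are unindented and end in ':'.
        if line.strip().endswith(":") and not line[:1].isspace():
            in_udp = line.strip() == "Udp:"
            continue
        m = _LINE.match(line)
        if in_udp and m and m.group(2) in _KEYS:
            counters[_KEYS[m.group(2)]] = int(m.group(1))
    return counters

def loss_ratio(c):
    """Share of arriving datagrams that were counted as receive errors."""
    arrived = c["received"] + c.get("no_port", 0) + c["errors"]
    return c["errors"] / arrived if arrived else 0.0

def delta(before, after):
    """Difference of two snapshots: what happened between the two readings."""
    return {k: after[k] - before[k] for k in after if k in before}

# Values from the post.
FIRST = """Udp:
    41200545 packets received
    0 packets to unknown port received.
    410733273 packet receive errors
    21311935 packets sent
"""
# Constructed later snapshot (assumption, for illustration only).
SECOND = FIRST.replace("41200545", "41201545").replace(
    "410733273", "410742273").replace("21311935", "21312435")

if __name__ == "__main__":
    a, b = parse_udp(FIRST), parse_udp(SECOND)
    print("since boot: %.1f%% receive errors" % (100 * loss_ratio(a)))
    print("between snapshots: %.1f%% receive errors" % (100 * loss_ratio(delta(a, b))))
```

Taking the two readings a fixed interval apart while the clients are sending shows whether the collector is dropping datagrams now or the errors date from an earlier burst.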