My apologies if this has been discussed, as I haven't been able to find anything useful via Google or the FM...

Synopsis: Syslog-ng drops something on the order of 90% of the logs remotely flung at it.

Detail: I'm using syslog-ng 1.5.15 from the Debian stable package archive. I've been tasked with setting up two remote log servers for my employer; both log servers have fairly beefy IDE RAIDs (IOZone gives me an unbuffered write speed of about 40M/sec), and as far as I can tell with vmstat(8) and Our Friend top(1), syslog-ng isn't running into any I/O bottlenecks. The systems have insane CPUs (Athlon XP 2000) and 512M RAM a pop, which considering their intended tasks (syslog and serial console server), should be more than adequate.

I've set up several systems to push their logs onto the log server: a Solaris 8 (with native syslog) box, a Debian Linux box (native syslog again), and a Debian Linux box using syslog-ng. Yet syslog-ng seems to dump between 75% and 90% of all the logs handed to it on the floor.

Several of the systems we wish to have logging to syslog will throw out about a thousand lines within a second or two, and this is where most of our problems come in.

I've tried both TCP and UDP; TCP barely seems to work at all -- I can throw a thousand lines in on one end, see them in the logfile, and see one line of output out on the other side.

I've futzed a bit with the FIFO size and the gc_idle/gc_busy numbers, but the latter two are more-or-less undocumented in the manual, so I have no idea what they really do (no units or anything), and the code regarding them is a bit too complex for me to read.

I've been googling and chomping upon the syslog-ng documentation for about the past two weeks, and have yet to find a solution. Any suggestions? An FM for me to read? A USENET article I missed?

Thanks-in-advance!

--
Don Werve <donw@examen.com> (Unix System Administrator)
Yorn desh born, der ritt de gitt der gue,
Orn desh, dee born desh, de umn bork! bork! bork!