On Mon, Sep 22, 2003 at 10:37:13AM -0600, Wayne Sweatt wrote:
Here's the sad part: I tested with the old syslogd, and it logged only 73% of the UDP logs. (Had one entry, plus a "repeated 72 times" line) So it looks like a system problem, just not sure where it is. I tried upping the sync(), and it didn't seem to help either. I have the /var partition on it's own 10K SCSI drive, so I doubt it's a disk I/O issue - iostat looks ok too. I tries turning the use_dns() on/off too. It doesn't even log with it off, I guess because I have the dns_cache on which must conflict.(?) I have plenty of memory and swap. Actually I've ge the system JASS'ed out, so I'm not running much of anything process-wise, except Syslog-ng. Any debugging suggestions?
probably syslog-ng (e.g. your CPU) is not fast enough to fetch messages from the receive buffer. Increasing the UDP receive buffer could help you to a point, but if the incoming rate is higher than the rate syslog-ng is processing traffic there's nothing you could do. Does your CPU have idle time in vmstat? Another possibility is that syslog-ng is waiting for something and this slows down processing. I don't know if truss is able to print timestamps to system calls, strace on Linux can do this and might help you to debug what makes syslog-ng wait. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1