Do you have any tuning magic in your syslog-ng config? Or any other configuration changes in the os? Or are most of your logs from a single server? My setup here is pretty much normal... a big server, gigabit Ethernet and 400 log hosts. Don't know where to search for the problem. -----Ursprüngliche Nachricht----- Von: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] Im Auftrag von Martin Holste Gesendet: Dienstag, 6. März 2012 15:44 An: Syslog-ng users' and developers' mailing list Betreff: Re: [syslog-ng] Losing to much remote sent logs
For a benchmark, I have stressed (10 000 to 20 000msg/sec) a syslogd server which transmits all logs it received to a Syslog-NG server over udp. I was able to reach a score of 90% of lost messages.
udp is very good way to have problem with your log management solution I think.
That doesn't sound right at all. We get much better performance with UDP: zero drops at around 15k/sec with a lot of bursting to over 20k. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq