Hi, Arya, Manish Kumar <m.arya@yahoo.com> [20061110 01:11:54 -0800]:
Hi,
I have 3 syslog listeners (solaris 10 ) collecting log events from about 20,000 devices and fwding them on a central syslog box (solaris 10, 16 gb RAM and 3TB SAN storage) . the central syslog box stores them in oracle db and on filesystem.
I notice that events from many devices are being droped on central syslog box. I thought it might be because of udp protocol, but even after enabling tcp its droping events. I can see that events come on listeners boxes (I created temp file logs there)
please tell me what could be missing.
Munching through the mailing list archives ;) https://lists.balabit.hu/pipermail/syslog-ng/2006-May/008836.html Sounds like, what DB monkeys call, 'SQL Exhaustion' or something. You SQL database is slowing up the whole process...mainly as SQL is not suitable for *live* realtime processing, thats my opinion though. Cheers Alex
Regards, -Manish
____________________________________________________________________________________ Want to start your own business? Learn how on Yahoo! Small Business. http://smallbusiness.yahoo.com/r-index _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html