The 'tcim server' will only have 1 connection from the 'central log server', no matter if theres one device or 4000.

-Patrick

Sent: Sun Oct 03 2010 23:14:20 GMT-0600 (Mountain Daylight Time)
From: anushri kannu <svanushri0514@gmail.com>
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] syslog-ng issue collecting logs

Hi Every one...

As i am new to this concept,Kindly help on this

All the syslog-ng client forward logs to centralized log server-- works fine.

centralized log server forward logs to tcim server -- works fine for solaris server and other network device--

>From centralized log server to tcim server -- issue ( not collecting logs for linux servers in tcim server )

Centralized log server forward all the logs to tcim server, In Tcim server 4000 devices are configured to collect logs from centralized log server, However in TCIM sever option for log_fifo_size ( 1000) defined and did not mention any variable as max_conncection. Will this affect logs fails to collect from centralized log to tcim server.

Below options defined in tcim server.

options {
        sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
#       use_dns (no);
        use_dns (yes);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
};

source src {
        udp();
        tcp(port(514) keep-alive(yes));

};

1. If i increase the max-connection(4000 ). do we need to declare below variable like this...... (User requested me to define the below value. in tcim server.)

Since i am new to this, Please advice.

if i declare the below variable, will server get hangs. this is very critical server.

log_fifo_size=4000000
log_iw_size=1000
max-connection(4000)

Thanks in advance.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

  