On Fri, 2011-08-26 at 08:56 -0500, Aldrich, Jamie S wrote:
> We are not writing these specific logs to the /var/adm/messages, but to a LogLogic device. Here is the syslog-ng.conf file part that handles these logs.
>
> source s_file { file("/psfs_logs/APPSRV_current.LOG" flags(no-parse)); };
> destination d_messages{ udp("10.13.33.11"); };
> log { source(s_file); destination(d_messages); };

UDP is not reliable, and you could be surprised how unreliable it is. I've seen UDP transports drop over 90% of the traffic. It can be improved somewhat by increasing the receive buffer size (the so_rcvbuf() option in syslog-ng, but kernel limits may have to be adjusted as well). Google for udp receive buffer syslog-ng, and you'll get a number of pages that describe the issue.

-- Bazsi
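
Added example, not part of the original thread and not syslog-ng project code: a check for the so_rcvbuf() and kernel-limit point above, for a Linux host that receives syslog over UDP with syslog-ng. It compares each udp() source's so_rcvbuf() request with net.core.rmem_max, which caps SO_RCVBUF requests. The sample configuration, the source names and the 212992 fallback are assumptions.

```python
import re
import socket

# Constructed sample of a receiving syslog-ng configuration (not from the thread).
SAMPLE_CONF = """
source s_net_small { udp(ip(0.0.0.0) port(514)); };
source s_net_big   { udp(ip(0.0.0.0) port(515) so_rcvbuf(16777216)); };
source s_net_ok    { udp(ip(0.0.0.0) port(516) so_rcvbuf(131072)); };
"""
SOURCE_RE = re.compile(r"source\s+(\w+)\s*\{(.*?)\}\s*;", re.S)
RCVBUF_RE = re.compile(r"so_rcvbuf\(\s*(\d+)\s*\)")

def read_rmem_max(path="/proc/sys/net/core/rmem_max"):
    """Linux only: the ceiling the kernel applies to SO_RCVBUF requests."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def audit_udp_sources(conf_text, rmem_max):
    """Return (source, requested, granted, verdict) for every udp() source."""
    findings = []
    for name, body in SOURCE_RE.findall(conf_text):
        if "udp(" not in body:
            continue
        match = RCVBUF_RE.search(body)
        if match is None:
            findings.append((name, None, None, "no so_rcvbuf(): kernel default buffer"))
            continue
        requested = int(match.group(1))
        granted = min(requested, rmem_max)  # larger requests are silently reduced
        verdict = "ok" if granted == requested else "clamped by net.core.rmem_max"
        findings.append((name, requested, granted, verdict))
    return findings

def probe_rcvbuf(requested):
    """Ask the running kernel for a buffer and report what it actually set."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, requested)
        # Linux reports twice the stored value (bookkeeping overhead included).
        return sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)

if __name__ == "__main__":
    limit = read_rmem_max() or 212992  # assumed fallback when /proc is unavailable
    for row in audit_udp_sources(SAMPLE_CONF, limit):
        print(row)
    print("kernel set for a 131072-byte request:", probe_rcvbuf(131072))
```

A "clamped" verdict means the configured so_rcvbuf() has no effect beyond the kernel limit until net.core.rmem_max is raised with sysctl.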