Hello Laszlo, what role/s can NFS play on data that was received on the interface but couldn't be written, for example, this case mentioned here? Hello Harish, is your traffic UDP/TCP and the host in this a virtual machine? Have you tried any tuning so far? Thank you. On Thu, Sep 20, 2018 at 3:57 AM Budai, László <laszlo.budai@oneidentity.com> wrote:
Hi,
there can be many reasons... (are you using network filesystem?)
Base on your other question you have a filter. Could you share your configuration?
syslog-ng provides statistics on filters (match/unmatch), but only from stats-level-2 (and as I remember from version 3.10), example cfg: @version: 3.17
@include "scl.conf"
options { stats-level(2); };
source s_net { network( port(5555) transport("tcp") ); };
destination d_net { network( "localhost" port(15554) transport(tcp) ); };
filter f_test { match("TEST" value(MESSAGE)) };
log { source(s_net); filter(f_test); destination(d_net); flags(flow-control); };
and then:
sbin/syslog-ng-ctl query get 'filter.f_test.*'
L.
On Thu, Sep 20, 2018 at 12:31 PM, Harish Shetty <harish23shetty@gmail.com> wrote:
Hi All
I have syslog-ng (syslog-ng-3.9.1-1.el6.x86_64) which is running on Red Hat 6.6. I have rule defined as mentioned below
destination d_networkx { file("/mnt/u001/syslog/$HOST/$YEAR$MONTH$DAY/network.log"); };
But syslog-ng is unable to write some logs to local file even though we see those logs in the tcpdump? What could be causing this.
And one more thing need to know , is ther any way to check per filter (d_networkx) how many we received and how many we Processed(wrote) to a file
Regards Harish Shetty
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Thanks, Vijay Amrut.