On Mon, 2007-01-29 at 17:54 -0300, Federico Petronio wrote:
In our case "high volume" is 83 pps (4 MB/hour); peaks are probably higher, but I don't have the number. As a test, we blocked the incoming packets from the new host with iptables. After doing that, no other log was missed; that's why we guess the problem is with the syslog buffer or something related to it.
We also ran the command "netstat -su" with the following result:
Udp:
    231803397 packets received
    6022 packets to unknown port received.
    123643084 packet receive errors
    117398380 packets sent
In this Debian Linux the output is different and not as detailed as the one you showed, but it shows that 50% of the UDP packets have some kind of problem. Do you know exactly what kind of problems generate "packet receive errors"?
Try to increase the socket receive buffer. You can do that with the so_rcvbuf() option in syslog-ng, but you can tweak kernel tunables as well.

--
Bazsi
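As an added example (not part of the original thread), the script below measures how much inbound UDP a log receiver is dropping and how much of that is caused by a full socket receive buffer, then checks whether a planned so_rcvbuf() value fits under the kernel limit. It assumes a Linux kernel whose /proc/net/snmp exposes a RcvbufErrors column; the function names and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example: quantify UDP drops on a syslog receiver.

# Constructed sample in /proc/net/snmp layout (not real counters).
sample_snmp() {
    printf '%s\n' \
        'Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors' \
        'Udp: 9000 10 1000 500 900 0'
}

# udp_drop_stats [FILE]  -> prints "<loss_pct> <rcvbuf_pct>"
#   loss_pct   = InErrors / (InDatagrams + InErrors)
#   rcvbuf_pct = RcvbufErrors / InErrors (drops caused by a full receive buffer)
udp_drop_stats() {
    awk '
        # First "Udp:" line is the header: map column names to positions.
        $1 == "Udp:" && !have_hdr {
            for (i = 2; i <= NF; i++) col[$i] = i
            have_hdr = 1
            next
        }
        # Second "Udp:" line carries the counter values.
        $1 == "Udp:" {
            in_ok  = $(col["InDatagrams"])
            in_err = $(col["InErrors"])
            rbuf   = ("RcvbufErrors" in col) ? $(col["RcvbufErrors"]) : 0
            total  = in_ok + in_err
            loss   = total  ? 100 * in_err / total : 0
            share  = in_err ? 100 * rbuf / in_err  : 0
            printf "%.1f %.1f\n", loss, share
            exit
        }
    ' "${1:-/proc/net/snmp}"
}

# rcvbuf_request_ok REQUESTED_BYTES [RMEM_MAX]
# Succeeds only if the requested buffer fits under net.core.rmem_max;
# a larger SO_RCVBUF request is capped by the kernel without any error.
rcvbuf_request_ok() {
    max="${2:-$(cat /proc/sys/net/core/rmem_max)}"
    [ "$1" -le "$max" ]
}

# Stand-alone use on a live receiver: ./script.sh --live
if [ "${1:-}" = "--live" ]; then
    udp_drop_stats
fi
```

A high second figure points at the receive buffer as the cause of the loss; if `rcvbuf_request_ok` fails, raise net.core.rmem_max before relying on the larger so_rcvbuf() value.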