Hi,

From: Balazs Scheidler <bazsi@balabit.hu>
Subject: Re: [syslog-ng] Using syslog-ng for NAS
Date: Mon, 11 Oct 1999 22:27:08 +0200

Hi,
The Balabit syslog-ng can relay UDP to TCP.

source and destination syntax, e.g.)

Syntax: udp <ipaddr>,<port>;
Sends messages to the given host & port using UDP datagrams.
Example: udp 193.6.40.37,514;

Is it the best for this situation?
It depends on which version you are talking about. Version 1.0.x defined the UDP destination exactly as you wrote above, but 1.1.xx uses a new syntax:
udp(<hostname> port(<udpport>));
(1) old syslogd style
[NAS]........UDP.........................
                                        .<Drop!>
[NAS]........UDP.........................[Syslog]----IO->(Disk)
                                        .<Drop!>
[NAS]........UDP.........................

NAS: Network Access Server
(2) using syslog-ng
               <Buffered?+Relay!>
                   vvvvvvvvv
[NAS]........UDP..[Syslog-ng]______TCP___
                .                        \
[NAS]........UDP.                         [Syslog-ng]--IO->(Disk)
                             ______   ___/
[NAS]........UDP..[Syslog-ng]      TCP
                   ^^^^^^^^^
               <Buffered?+Relay!>

Is it correct?
I want to understand the cause of dropping UDP on syslog. (Is the cause the UDP stack in the kernel (OS)?)
UDP by definition is a connectionless protocol, and it's possible that packets get lost during transmission. If syslog-ng is put directly beside the NAS (e.g. same ethernet segment) and log traffic is relayed using a TCP connection, it may help. But the buffers in syslog-ng are not unlimited, so if your network segment is overloaded, TCP transport will not help, and may even make the situation worse.
OK, I'll try it :)

Regards,
-----
IRI [Internet Research Institute,Inc.]
Naoto MATSUMOTO <not@iri.co.jp>
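
The point made in the reply above, that a relay's buffer is finite and sustained overload still loses log messages, shown as an added example (not part of the original thread and not syslog-ng code). It is a small Python simulation of a relay with a bounded buffer between its UDP input and TCP output; the function name, rates and buffer size are assumptions chosen for illustration.

```python
from collections import deque

def simulate_relay(arrivals, drain_per_tick, capacity):
    """Simulate a log relay: UDP input -> bounded FIFO -> TCP output.

    arrivals       -- messages received over UDP in each tick (constructed input)
    drain_per_tick -- messages the TCP link accepts per tick
    capacity       -- maximum number of messages the relay buffer can hold
    Returns (forwarded, dropped, peak_depth).
    """
    buf = deque()
    forwarded = dropped = peak = 0
    seq = 0
    for n in arrivals:
        for _ in range(n):
            seq += 1
            if len(buf) < capacity:
                buf.append(seq)
            else:
                dropped += 1          # buffer full: message is lost at the relay
        peak = max(peak, len(buf))
        for _ in range(min(drain_per_tick, len(buf))):
            buf.popleft()             # handed to the TCP connection
            forwarded += 1
    forwarded += len(buf)             # input stopped: remaining backlog drains
    return forwarded, dropped, peak

# Constructed workloads, in messages per tick.
BURST = [50, 0, 0, 0, 0]              # short burst, then quiet
OVERLOAD = [30] * 10                  # sustained rate above the TCP drain rate

if __name__ == "__main__":
    for name, load in (("burst", BURST), ("overload", OVERLOAD)):
        fwd, drop, peak = simulate_relay(load, drain_per_tick=10, capacity=100)
        print(f"{name:9s} forwarded={fwd:3d} dropped={drop:3d} peak_buffer={peak:3d}")
```

The burst is absorbed by the buffer with no loss, while the sustained overload fills the buffer and drops every message beyond what the TCP side can drain.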