On Tue, Jan 30, 2007 at 06:34:09PM +0100, Balazs Scheidler wrote:
try to increase the socket receive buffer. You can do that with so_rcvbuf() option in syslog-ng, but you can tweak kernel tunables as well.
At my current job, I was never able to handle my syslog spikes with UDP, even after increasing the UDP receive buffer. My troubles didn't go away until I deployed syslog-ng everywhere and used TCP for all syslog traffic (from UNIX hosts anyways). I only mention this because I want to make it crystal clear that you'll probably see the same problems after deploying syslog-ng on your central log server(s). The problem is lower in the stack than that. If this was already clear to you, then sorry for the wasted bandwidth. :) HTH, -- Nate "Do the right thing. It will gratify some people and astonish the rest." - Samuel Clemens