Hello,

On Wed, Nov 10, 2010 at 9:04 AM, add gy <addyg420@yahoo.com> wrote:
Hi,
I have installed syslog-ng on a RHEL server as a log host server for 250 routers and switches, but sometimes I receive messages and sometimes I don't. When I check it on another syslog server on Windows, I receive syslog messages with any problem.

First you should check that the messages actually reach the host syslog-ng is running on.

I guess your devices are using UDP, otherwise with your config syslog-ng would reject a lot of incoming TCP connections because you haven't raised the default value of max_connections() for your tcp() source. The default setting of max_connections for tcp sources is 10.

When the logs reach your server and you're using UDP for the log transport, then it could happen that the kernel is dropping the packets when the receive buffer is full. If you see significant log loss and syslog-ng doesn't complain about dropped logs in its log statistics, then you should raise the size of the receive buffer using the so_rcvbuf() option.

Regards,
Sandor
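
One way to confirm that the kernel, rather than syslog-ng, is discarding UDP datagrams is to compare two snapshots of the Linux UDP counters in `/proc/net/snmp`. This is an added example, not part of the original message; the function names are hypothetical and the two snapshots are constructed sample data.

```python
"""Measure kernel-side UDP receive-buffer drops between two /proc/net/snmp snapshots."""

HEADER = ("Udp: InDatagrams NoPorts InErrors OutDatagrams "
          "RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti")

# Constructed samples (not from a real host), e.g. taken 60 seconds apart.
SNAP_BEFORE = HEADER + "\nUdp: 1200000 15 300 9000 300 0 0 0\n" \
    "UdpLite: InDatagrams NoPorts InErrors\nUdpLite: 0 0 0\n"
SNAP_AFTER = HEADER + "\nUdp: 1260000 15 4800 9100 4800 0 0 0\n" \
    "UdpLite: InDatagrams NoPorts InErrors\nUdpLite: 0 0 0\n"


def parse_udp_counters(text):
    """Return {counter_name: value} from the two 'Udp:' lines (names, then values)."""
    rows = [line.split()[1:] for line in text.splitlines()
            if line.startswith("Udp:")]          # does not match 'UdpLite:'
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one Udp header line and one Udp value line")
    names, values = rows
    return dict(zip(names, (int(v) for v in values)))


def udp_drop_report(before_text, after_text):
    """Compare two snapshots and report datagrams lost to a full receive buffer."""
    before = parse_udp_counters(before_text)
    after = parse_udp_counters(after_text)
    received = after["InDatagrams"] - before["InDatagrams"]
    # Older kernels may lack RcvbufErrors; treat a missing counter as zero.
    drops = after.get("RcvbufErrors", 0) - before.get("RcvbufErrors", 0)
    arrived = received + drops                   # delivered + discarded
    loss_pct = round(100.0 * drops / arrived, 2) if arrived else 0.0
    return {"received": received, "rcvbuf_drops": drops, "loss_pct": loss_pct}


def read_snapshot(path="/proc/net/snmp"):
    """Read the live counters on a Linux log host."""
    with open(path) as handle:
        return handle.read()


if __name__ == "__main__":
    report = udp_drop_report(SNAP_BEFORE, SNAP_AFTER)
    print("received=%(received)d rcvbuf_drops=%(rcvbuf_drops)d "
          "loss=%(loss_pct).2f%%" % report)
```

A rising `rcvbuf_drops` value while the syslog-ng statistics report no dropped messages points to the receive-buffer case described above. The counters are host-wide, so other UDP services on the same machine contribute to them.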