Lots of dropped=tcp(AF_INET(
Hello I have two hosts on my LAN running syslog-ng. Host A acts as central loghost and host B sends its log messages via tcp/ip network connection to host A to store. The issue is that I've got a lot of messages like this one (and almost no normal ones) generated by host B: Aug 19 19:25:23 xerxes syslog-ng[20806]: Log statistics; dropped='tcp(AF_INET(217.117.75.2:1999))=0', processed='center(queued)=112', processed='center(receive d)=23', processed='destination(newsnotice)=0', processed='destination(console)=0', processed='destination(debug)=23', processed='destination(mailinfo)=0', proc essed='destination(mail)=0', processed='destination(user)=0', processed='destination(newserr)=0', processed='destination(newscrit)=0', processed='destination(u ucp)=0', processed='destination(messages)=19', processed='destination(mailwarn)=0', processed='destination(ppp)=1', processed='destination(loghost)=23', proces sed='destination(lpr)=0', processed='destination(cron)=0', processed='destination(syslog)=23', processed='destination(authlog)=0', processed='destination(maile rr)=0', processed='destination(kern)=0', processed='destination(daemon)=0', processed='destination(xconsole)=0', processed='destination(console_all)=23', proce ssed='source(net)=0', processed='s While it is obvious that dropped tcp speaks of network issues it isn't really clear to me (being a novice syslog-ng user) what exactly goes wrong here. So, could you please explain what's wrong with host B and how I can fix that? -- Ivan Lezhnjov Jr. Europe, Ukraine, Simferopol Running Source Mage GNU/Linux, kernel version 2.6.24 build #5 +----------------------------------------------------------------------+ Key ID 0x5811D90C Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C Use GPG Exercise Your Right To Privacy
Hi,
The issue is that I've got a lot of messages like this one (and almost no normal ones) generated by host B:
Aug 19 19:25:23 xerxes syslog-ng[20806]: Log statistics; dropped='tcp(AF_INET(217.117.75.2:1999))=0', processed='center(queued)=112', processed='center(receive d)=23', processed='destination(newsnotice)=0', processed='destination(console)=0', processed='destination(debug)=23', processed='destination(mailinfo)=0', proc essed='destination(mail)=0', processed='destination(user)=0', processed='destination(newserr)=0', processed='destination(newscrit)=0', processed='destination(u ucp)=0', processed='destination(messages)=19', processed='destination(mailwarn)=0', processed='destination(ppp)=1', processed='destination(loghost)=23', proces sed='destination(lpr)=0', processed='destination(cron)=0', processed='destination(syslog)=23', processed='destination(authlog)=0', processed='destination(maile rr)=0', processed='destination(kern)=0', processed='destination(daemon)=0', processed='destination(xconsole)=0', processed='destination(console_all)=23', proce ssed='source(net)=0', processed='s
This is a statistical message generated by syslog-ng, you could set the frequency of the message by using the stats_freq() option. As far as I see there aren't dropped messages reported, so I'm not sure what you want to fix. Maybe reporting of 0 dropped logs should be omitted, but it would be only a cosmetic change. Without seeing the configfile of your log client (host B) I can't tell whether logs not originated from syslog-ng itself should get forwarded to host A or not. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Tuesday 19 August 2008, Geller, Sandor (IT) wrote:
Hi,
The issue is that I've got a lot of messages like this one (and almost no normal ones) generated by host B:
Aug 19 19:25:23 xerxes syslog-ng[20806]: Log statistics; dropped='tcp(AF_INET(217.117.75.2:1999))=0', ... This is a statistical message generated by syslog-ng, you could set the frequency of the message by using the stats_freq() option. As far as I see there aren't dropped messages reported, so I'm not sure what you want to fix.
Is it possible to avoid logging of these messages altogether? -- Ivan Lezhnjov Jr. Europe, Ukraine, Simferopol Running Source Mage GNU/Linux, kernel version 2.6.24 build #5 +----------------------------------------------------------------------+ Key ID 0x5811D90C Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C Use GPG Exercise Your Right To Privacy
Hi, On Tue, Aug 19, 2008 at 3:22 PM, Ivan Lezhnjov Jr. <ivan.lezhnjov.jr@gmail.com> wrote:
Tuesday 19 August 2008, Geller, Sandor (IT) wrote:
This is a statistical message generated by syslog-ng, you could set the frequency of the message by using the stats_freq() option. As far as I see there aren't dropped messages reported, so I'm not sure what you want to fix.
Is it possible to avoid logging of these messages altogether?
Yes, set stats_freq(0) in the options section of your syslog-ng.conf file. Joe
Tuesday 19 August 2008, Joe Shaw wrote:
Hi,
On Tue, Aug 19, 2008 at 3:22 PM, Ivan Lezhnjov Jr. ...
Is it possible to avoid logging of these messages altogether?
Yes, set stats_freq(0) in the options section of your syslog-ng.conf file.
How about filtering out these messages and putting them into a separate file, say syslog-ng-diagnostic.log? Is there a way to do this? Also what is the meaning of this statement anyway: dropped='tcp(AF_INET($IP: $PORT))=0' ? -- Ivan Lezhnjov Jr. Europe, Ukraine, Simferopol Running Source Mage GNU/Linux, kernel version 2.6.24 build #5 +----------------------------------------------------------------------+ Key ID 0x5811D90C Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C Use GPG Exercise Your Right To Privacy
Hi,
How about filtering out these messages and putting them into a separate file, say syslog-ng-diagnostic.log? Is there a way to do this?
You can do it fairly easy: set up a filter like this: filter f_syslogstats { match ("^syslog-ng\[[[:digit:]]+\]: Log statistics"); }; and then attach it to the internal log source.
Also what is the meaning of this statement anyway: dropped='tcp(AF_INET($IP: $PORT))=0' ?
Hmm, never seen such logged... Do you have a destination with these macros? Although neither $PORT or $IP are available as macros. Regards, Sansor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Thursday 21 August 2008, Geller, Sandor (IT) wrote:
Hi,
Hi!
How about filtering out these messages and putting them into a separate file, say syslog-ng-diagnostic.log? Is there a way to do this?
You can do it fairly easy: set up a filter like this:
filter f_syslogstats { match ("^syslog-ng\[[[:digit:]]+\]: Log statistics"); };
and then attach it to the internal log source.
Thanks a bunch :)
Also what is the meaning of this statement anyway: dropped='tcp(AF_INET($IP: $PORT))=0' ?
Hmm, never seen such logged... Do you have a destination with these macros? Although neither $PORT or $IP are available as macros.
Yes, I do. It looks like this: destination loghost { tcp("217.117.75.2" port(1999)); }; -- Ivan Lezhnjov Jr. Europe, Ukraine, Simferopol Running Source Mage GNU/Linux, kernel version 2.6.24 build #5 +----------------------------------------------------------------------+ Key ID 0x5811D90C Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C Use GPG Exercise Your Right To Privacy
On 19 Aug 2008, Joe Shaw outgrape:
Yes, set stats_freq(0) in the options section of your syslog-ng.conf file.
I have another reason to do that: syslog-ng dumps core rather than dumping stats :/ Given this backtrace (not terribly useful :( looks like we have yet another DWARF2 debugloc bug in GCC): #0 evt_rec_add_tag (e=<value optimized out>, tag=<value optimized out>) at evtrec.c:48 48 evtrec.c: No such file or directory. in evtrec.c (gdb) bt #0 evt_rec_add_tag (e=<value optimized out>, tag=<value optimized out>) at evtrec.c:48 #1 0x08059a13 in stats_generate_log () at stats.c:229 #2 0x0804b8a8 in stats_timer (st=0x0) at main.c:131 #3 0x4ab05187 in g_timeout_dispatch (source=Could not find the frame base for "g_timeout_dispatch". ) at gmain.c:3446 #4 0x4ab04c5e in IA__g_main_context_dispatch (context=Could not find the frame base for "IA__g_main_context_dispatch". ) at gmain.c:2012 #5 0x4ab078ed in g_main_context_iterate (context=<value optimized out>, block=<value optimized out>, dispatch=<value optimized out>, self=Could not find the frame base for "g_main_context_iterate". ) at gmain.c:2645 #6 0x4ab07d7c in IA__g_main_context_iteration (context=<value optimized out>, may_block=Could not find the frame base for "IA__g_main_context_iteration". ) at gmain.c:2708 #7 0x0804b35b in main_loop_run (cfg=0xbfcc47c4) at main.c:159 #8 0x0804b851 in main (argc=1, argv=0x6) at main.c:428 I suspect that either the stats counter list has become broken in some way (sc can't be NULL, but it can be invalid). I'll dig deeper next weekend, perhaps. -- `Not even vi uses vi key bindings for its command line.' --- PdS
On Wed, 2008-08-27 at 05:30 +0100, Nix wrote:
On 19 Aug 2008, Joe Shaw outgrape:
Yes, set stats_freq(0) in the options section of your syslog-ng.conf file.
I have another reason to do that: syslog-ng dumps core rather than dumping stats :/
I've fixed this in the git tree already, but didnt' have time to do a proper release. So a nightly snapshot or a fresh checkout should solve this. -- Bazsi
On 27 Aug 2008, Balazs Scheidler uttered the following:
On Wed, 2008-08-27 at 05:30 +0100, Nix wrote:
On 19 Aug 2008, Joe Shaw outgrape:
Yes, set stats_freq(0) in the options section of your syslog-ng.conf file.
I have another reason to do that: syslog-ng dumps core rather than dumping stats :/
I've fixed this in the git tree already, but didnt' have time to do a proper release. So a nightly snapshot or a fresh checkout should solve this.
... a month and more ago. How embarrassing: I thought I'd done a git pull recently. Thanks for the fix (and for the best-of-all-worlds kickass syslog replacement in general, of course).
participants (5)
-
Balazs Scheidler
-
Geller, Sandor (IT)
-
Ivan Lezhnjov Jr.
-
Joe Shaw
-
Nix