We took DNS out of the config, and had no change. How do we go about seeing if we are blocking on /proc/kmsg? Thanks! Chris Ivey Affiliated Computer Services Enterprise Management Integration Services Infrastructure Management Senior Analyst 1120 Celebration Blvd. Celebration, FL 34747 chris.ivey@acs-inc.com "When you find yourself in a hole, the best thing to do is stop digging!" -- Nick Stokes -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Wednesday, January 10, 2007 1:10 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Forwarding + Spoofing = Errors & Dropped Packets? On Wed, 2007-01-10 at 07:30 -0600, Ivey, Chris wrote:

We are having a REALLY weird issue with syslog-ng that I need to request some assistance with resolving. It has to do with forwarding and spoofing. If I go into syslog-ng.conf and enable forwarding to my 3 remote servers along with spoofing, it causes issues on the server. First, the Recv-Q fills to capacity (as seen in "netstat -a | grep syslog"). Once that buffer fills, we start seeing "packet receive errors" (as seen in "netstat -su"). We have an INORDINATE amount of these errors (about 45%). Observe:

syslog-ng is busy doing something and it causes not to read the UDP receive buffers in a timely manner. Can you check: * syslog-ng is not blocking on DNS * syslog-ng is not blocking on /proc/kmsg or something else. -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html