Included is a log of number of messages logged over a period. There should be hundreds of messages per minute from this one source machine, but I miss many minutes with not one entry logged!

  #  Date   Time
----------------
932 Sep 28 00:31
  0 Sep 28 00:32
  0 Sep 28 00:33
  0 Sep 28 00:34
  0 Sep 28 00:35
  0 Sep 28 00:36
  0 Sep 28 00:37
166 Sep 28 00:38
. . .
139 Sep 28 01:53
  0 Sep 28 01:54
  0 Sep 28 01:55
  0 Sep 28 01:56
206 Sep 28 01:57
. . .
276 Sep 28 02:15
  0 Sep 28 02:16
163 Sep 28 02:17
. . .
 35 Sep 28 03:30
  0 Sep 28 03:31
  0 Sep 28 03:32
  0 Sep 28 03:33
  0 Sep 28 03:34
  0 Sep 28 03:35
  0 Sep 28 03:36
  0 Sep 28 03:37
303 Sep 28 03:38
. . .
189 Sep 28 04:26
  0 Sep 28 04:27
  0 Sep 28 04:28
  0 Sep 28 04:29
  0 Sep 28 04:30
  0 Sep 28 04:31
  0 Sep 28 04:32
  0 Sep 28 04:33
  0 Sep 28 04:34
  0 Sep 28 04:35
  0 Sep 28 04:36
  0 Sep 28 04:37
  0 Sep 28 04:38
  0 Sep 28 04:39
  0 Sep 28 04:40
  0 Sep 28 04:41
  0 Sep 28 04:42
  0 Sep 28 04:43
  0 Sep 28 04:44
204 Sep 28 04:45
. . .
159 Sep 28 05:11
  0 Sep 28 05:12
  0 Sep 28 05:13
  0 Sep 28 05:14
  0 Sep 28 05:15
  0 Sep 28 05:16
  0 Sep 28 05:17
  0 Sep 28 05:18
  0 Sep 28 05:19
  0 Sep 28 05:20
  0 Sep 28 05:21
  0 Sep 28 05:22
  0 Sep 28 05:23
  0 Sep 28 05:24
  0 Sep 28 05:25
  0 Sep 28 05:26
  0 Sep 28 05:27
285 Sep 28 05:28
. . .

--
Bob Kupiec
Security/Network Administrator
Email: kupiec@ias.edu
Institute for Advanced Study
Phone: 609-734-8179
Einstein Drive (A208)
Fax: 609-951-4418
Princeton, NJ 08540-4907
Sorry to make you restate information, but is this UDP? It is trivial to fill the kernel receive buffer and drop messages before they're passed on to userland.

On Wed, Oct 02, 2002 at 01:41:32PM -0400, Bob Kupiec wrote:
Included is a log of number of messages logged over a period. There should be hundreds of messages per minute from this one source machine, but I miss many minutes with not one entry logged!
-- You can lead an idiot to knowledge but you cannot make him think. You can, however, rectally insert the information, printed on stone tablets, using a sharpened poker.
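One way to test the kernel receive-buffer explanation raised in the reply above, as an added example that is not part of the original thread: it assumes the log host runs Linux (the thread does not say), where `/proc/net/snmp` exposes system-wide UDP counters including `RcvbufErrors`. The two snapshots are constructed sample data and the function names are hypothetical.

```python
# Added example (not from the thread). Assumes a Linux log host, where
# /proc/net/snmp carries system-wide UDP counters; they are not per socket.

def parse_udp_counters(snmp_text):
    """Return the 'Udp:' counters from /proc/net/snmp text as a dict of ints."""
    # "UdpLite:" lines do not start with "Udp:", so they are skipped here.
    rows = [ln.split() for ln in snmp_text.splitlines() if ln.startswith("Udp:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected a Udp: header line and a matching value line")
    header, values = rows
    return {name: int(val) for name, val in zip(header[1:], values[1:])}


def udp_drop_report(before_text, after_text):
    """Compare two snapshots taken around a window with missing log minutes."""
    before = parse_udp_counters(before_text)
    after = parse_udp_counters(after_text)
    delivered = after["InDatagrams"] - before["InDatagrams"]
    # RcvbufErrors counts datagrams discarded because a socket receive buffer
    # was full, i.e. lost in the kernel before the daemon could read them.
    dropped = after["RcvbufErrors"] - before["RcvbufErrors"]
    total = delivered + dropped
    return {
        "delivered": delivered,
        "rcvbuf_drops": dropped,
        "drop_ratio": dropped / total if total else 0.0,
    }


# Constructed sample snapshots (illustrative values, not measurements).
BEFORE = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 120000 14 0 900 0 0
UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
UdpLite: 0 0 0 0 0 0
"""
AFTER = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 121500 14 4500 905 4500 0
UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
UdpLite: 0 0 0 0 0 0
"""

if __name__ == "__main__":
    print(udp_drop_report(BEFORE, AFTER))
```

A `rcvbuf_drops` value that rises across a window with missing minutes supports the receive-buffer explanation; a flat counter means the loss happened somewhere other than the receiving kernel's socket buffer.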
On Wed, 02 Oct 2002, Bob Kupiec wrote:
Included is a log of number of messages logged over a period. There should be hundreds of messages per minute from this one source machine, but I miss many minutes with not one entry logged!
Could you please post your syslog-ng, so we could get some more info?

--
D.J. Bolderman
list@bolderman.xs4all.nl
participants (3)
- Bob Kupiec
- D. J. Bolderman
- Nate Campi