[syslog-ng] Using syslog-ng for NAS

Naoto MATSUMOTO not@iri.co.jp
Tue, 12 Oct 1999 08:22:02 +0900 (JST)


  Hi, 
  

From: Balazs Scheidler <bazsi@balabit.hu>
Subject: Re: [syslog-ng] Using syslog-ng for NAS
Date: Mon, 11 Oct 1999 22:27:08 +0200

> 
> Hi,
> 
> >   The Balabit syslog-ng can relay UDP to TCP.
> > 
> >      source and destination syntax eg.)
> >        Syntax:        udp <ipaddr>,<port>;
> >        Sends messages to the given host & port using UDP datagrams.
> >        Example:        udp 193.6.40.37,514;
> > 
> >   Is it the best for this situation?
> 
> It depends on which version you are talking about. Version 1.0.x defined the
> UDP destination exactly as you wrote above, but 1.1.xx uses a new syntax:
> 
> udp(<hostname> port(<udpport>));
> 
> >  
> >  (1) old syslogd style
> >                   
> >     [NAS]........UDP.........................  
> >                                               .<Drop!>
> >     [NAS]........UDP.........................[Syslog]----IO->(Disk)
> >                                               .<Drop!>
> >     [NAS]........UDP.........................
> > 
> >     NAS: Network Access Server
> >  
> >  (2) using syslog-ng
> >  
> >                       <Buffered?+Relay!>                 
> >                        vvvvvvvvv
> >     [NAS]........UDP..[Syslog-ng]______TCP___
> >                       .                      \
> >     [NAS]........UDP.                        [Syslog-ng]--IO->(Disk)
> >                                  ______   ___/
> >     [NAS]........UDP..[Syslog-ng]      TCP
> >                        ^^^^^^^^^
> >                       <Buffered?+Relay!>
> > 
> >    Is it correct?
> > 
> >    I want to understand the cause of dropping UDP on syslog.
> >    (Is the cause the UDP stack in the kernel (OS)?)
> 
> UDP by definition is a connectionless protocol, and it's possible that
> packets get lost during transmission. If syslog-ng is put directly beside the
> NAS (e.g. same ethernet segment) and log traffic is relayed using a TCP
> connection, it may help. But the buffers in syslog-ng are not unlimited, so
> if your network segment is overloaded, TCP transport will not help, and may
> even make the situation worse.

  OK, I'll try it :)

  Regards,

-----
 IRI [Internet Research Institute,Inc.] Naoto MATSUMOTO <not@iri.co.jp>
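
The point in the reply above about finite relay buffers, as an added example that is not part of the original messages and is not syslog-ng code: a small Python model of a UDP-to-TCP relay with a bounded in-memory FIFO. The function name, the tick model and all numbers are assumptions constructed for illustration.

```python
from collections import namedtuple

RelayStats = namedtuple("RelayStats", "delivered dropped queued peak_depth")


def simulate_relay(arrivals, drain_per_tick, fifo_size):
    """Model a UDP-in / TCP-out log relay with a bounded message FIFO.

    arrivals       -- messages received over UDP in each tick (constructed input)
    drain_per_tick -- messages the TCP link to the central server carries per tick
    fifo_size      -- maximum messages the relay can hold in memory
    """
    depth = delivered = dropped = peak = 0
    for incoming in arrivals:
        # Enqueue what fits; anything beyond the FIFO limit is lost at the relay.
        accepted = min(incoming, fifo_size - depth)
        dropped += incoming - accepted
        depth += accepted
        peak = max(peak, depth)
        # The TCP side drains at most drain_per_tick messages per tick.
        sent = min(drain_per_tick, depth)
        depth -= sent
        delivered += sent
    return RelayStats(delivered, dropped, depth, peak)


if __name__ == "__main__":
    burst = [50, 0, 0, 0, 0]   # short burst from the NAS devices
    overload = [20] * 10       # sustained rate above link capacity

    # Tiny buffer (a receiver with little queueing): the burst is mostly lost.
    print("small buffer, burst   :", simulate_relay(burst, 10, 8))
    # Relay with a larger FIFO: the same burst is absorbed and delivered later.
    print("relay FIFO, burst     :", simulate_relay(burst, 10, 100))
    # Sustained overload: the FIFO fills, then drops start and a backlog remains.
    print("relay FIFO, overload  :", simulate_relay(overload, 10, 100))
```

In this model a relay buffer removes loss only for bursts; when the arrival rate stays above the drain rate, the FIFO fills, drops resume at the relay, and the messages still queued arrive late.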