[syslog-ng]reopening of udp connections

Balazs Scheidler bazsi@balabit.hu
Fri, 13 Apr 2001 15:29:44 +0200


> We use syslog-ng to log messages from our Linux PC to one or more
> Windows NT PCs running a propriatary tool to display and maintain
> log and statistics information of a Linux app. Approx every second
> a log message is sent using UDP.
> 
> Unfortunately, if the NT log application is not running, the NT box
> returns an ICMP message, stating that the chosen UDP port number is
> not listened to.
> Then syslog-ng pauses sending UDP logs, and retries after 60 seconds.
> It also logs a message stating that the UDP connection was broken.
> (which isn't true because UDP doesn't create connections)
> If succesfull, it then sends all (?) accumulated log messages at once.
> If our NT app starts immediately after syslog-ng paused, we don't
> receive any logging for 59 seconds... 
> 
> This is unwanted behaviour for our system.
> I know that I can have syslog-ng retry more often, but I don't want
> retries. Every UDP packet should "just disappear" if not delivered,
> and every packet should be sent anyway, thus having "below second"
> responsetime.
> (This is what happens if NT didn't return those darn ICMP messages).

filter your ICMP packets with packet filter?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1