[syslog-ng]missing 33% of syslog messages

Nate Campi nate@campin.net
Wed, 2 Oct 2002 14:41:25 -0700 

Sorry to make you restate information, but is this UDP? It is trivial to
fill the kernel receive buffer and drop messages before they're passed
on to userland.

On Wed, Oct 02, 2002 at 01:41:32PM -0400, Bob Kupiec wrote:
> 
> Included is a log of number of messages logged over a period.  There
> should be hundreds of messages per minute from this one source
> machine, but I miss many minutes with not one entry logged!
> 
>  #  Date   Time
> ----------------
> 932 Sep 28 00:31
>   0 Sep 28 00:32
>   0 Sep 28 00:33
>   0 Sep 28 00:34
>   0 Sep 28 00:35
>   0 Sep 28 00:36
>   0 Sep 28 00:37
> 166 Sep 28 00:38
>  .
> .
>  .
> 139 Sep 28 01:53
>   0 Sep 28 01:54
>   0 Sep 28 01:55
>   0 Sep 28 01:56
> 206 Sep 28 01:57
>  .
> .
>  .
> 276 Sep 28 02:15
>   0 Sep 28 02:16
> 163 Sep 28 02:17
>  .
> .
>  .
>  35 Sep 28 03:30
>   0 Sep 28 03:31
>   0 Sep 28 03:32
>   0 Sep 28 03:33
>   0 Sep 28 03:34
>   0 Sep 28 03:35
>   0 Sep 28 03:36
>   0 Sep 28 03:37
> 303 Sep 28 03:38
>  .
> .
>  .
> 189 Sep 28 04:26
>   0 Sep 28 04:27
>   0 Sep 28 04:28
>   0 Sep 28 04:29
>   0 Sep 28 04:30
>   0 Sep 28 04:31
>   0 Sep 28 04:32
>   0 Sep 28 04:33
>   0 Sep 28 04:34
>   0 Sep 28 04:35
>   0 Sep 28 04:36
>   0 Sep 28 04:37
>   0 Sep 28 04:38
>   0 Sep 28 04:39
>   0 Sep 28 04:40
>   0 Sep 28 04:41
>   0 Sep 28 04:42
>   0 Sep 28 04:43
>   0 Sep 28 04:44
> 204 Sep 28 04:45
>  .
> .
>  .
> 159 Sep 28 05:11
>   0 Sep 28 05:12
>   0 Sep 28 05:13
>   0 Sep 28 05:14
>   0 Sep 28 05:15
>   0 Sep 28 05:16
>   0 Sep 28 05:17
>   0 Sep 28 05:18
>   0 Sep 28 05:19
>   0 Sep 28 05:20
>   0 Sep 28 05:21
>   0 Sep 28 05:22
>   0 Sep 28 05:23
>   0 Sep 28 05:24
>   0 Sep 28 05:25
>   0 Sep 28 05:26
>   0 Sep 28 05:27
> 285 Sep 28 05:28
>  .
> .
>  .
> 
> 
> 
> -- 
>        Bob Kupiec                     Security/Network Administrator
>   Email: kupiec@ias.edu                Institute for Advanced Study
>    Phone: 609-734-8179                    Einstein Drive (A208)
>     Fax: 609-951-4418                   Princeton, NJ 08540-4907
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 

-- 
You can lead an idiot to knowledge but you cannot make him think. 
You can, however, rectally insert the information, printed on stone
tablets, using a sharpened poker.