[syslog-ng]Problem with 1.6.3 on Solaris. Message

[Balazs Scheidler]

2004-05-13, cs keltezéssel 09:35-kor Dmitri Smirnov ezt írta:
> Looks like version 1.6.3 is not working well on Solaris 8. 
> 
> Few minutes after the start it generates hundreds of messages like:
> syslog.err syslog-ng[27013]: do_stream_read: STREAMS device gave too
> long line
> 
> I think it is the result of changes related to HP-UX and pad_size (from
> 10k to 256 bytes ?)

Hmm.. no it should be caused by some IRIX related patches I applied to
1.6.3. I'll figure this out. Thanks for the report.

> 
> Another problem with syslog-ng in general (1.6.1 or later) - we're
> started to lose about 10% of syslog messages.
> The config file is not too big and messages do arrive on server for sure
> (confirmed with snoop) but every few minutes 
> syslog-ng is losing some of them. Any recommendation on tuning or
> troubleshooting?

if the packet arrives to the log host but syslog-ng does not receive it
(e.g. your STATS line shows 0 dropped messages), it is possible that the
UDP receive buffer is too small.

try increasing the UDP receive buffer, it should be possible with some
OS dependant tools (ndd comes to mind on Solaris)

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1