[syslog-ng]Problem with 1.6.3 on Solaris. Message

[Dmitri Smirnov]

Sorry for confusion - may be the solution will help someone in future as
well.

The problem I had was related to reverse lookups - I didn't have few
zones registered in DNS and reverse lookup was taking 1-2 minutes..
During that time syslog-ng was dropping messages..

I guess it will be nice to isolate lookup function from messages
processing if possible..

Thank you for your help and for really nice product!

Sorry for confusion - 1.6.3 is working just fine!

Dmitri

-----Original Message-----
From: Dmitri Smirnov=20
Sent: Thursday, May 13, 2004 11:13 AM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]Problem with 1.6.3 on Solaris. Message


Tried to increase UDP udp_max_buf to 524288 (from 262144) - doesn't
help.
STATS reports 0 lost messages... ;(

Plus 1.6.3 hangs for me after 200-300 messages (3-5 minutes)... 1.6.1
doesn't hang but losing messages :(

Dmitri

-----Original Message-----
>=20
> Another problem with syslog-ng in general (1.6.1 or later) - we're=20
> started to lose about 10% of syslog messages.
> The config file is not too big and messages do arrive on server for=20
> sure (confirmed with snoop) but every few minutes syslog-ng is losing=20
> some of them. Any recommendation on tuning or troubleshooting?

if the packet arrives to the log host but syslog-ng does not receive it
(e.g. your STATS line shows 0 dropped messages), it is possible that the
UDP receive buffer is too small.

try increasing the UDP receive buffer, it should be possible with some
OS dependant tools (ndd comes to mind on Solaris)