[syslog-ng] high performance server
Jason Haar
Jason.Haar at trimble.co.nz
Thu Oct 27 05:05:25 CEST 2005
Mike wrote:
>
>
>>I have a very high volume syslog-ng server. I currently have logs that are
>>being received across the network but not being written to disk. This
>>could be as much as 25% of the logs being dropped. The STAT to syslog
>>always says 0 drops.
>>
>>
>
>are you sure that they are being received? if htey are coming in over UDP,
>maybe check some netstat output to see if they are being dropped by the
>kernel? (in this case they would be dropped before syslog-ng can even see
>that would be the drops would be listed as zero)
>
>
I've just checked my syslog-ng-1.6.8 CentOS-4.1 server and discover I
have a similar problem. I wrote a quick UDP syslog record generator
using Net::Syslog and used it to pump 30,000 records in 3 forks (i.e. 3
x 10,000) at our syslog-ng server - and only received 29,987. I also ran
tcpdump on the syslog-ng server and can confirm 30,000 UDP syslog
packets were received.
I have "log_fifo_size (10000)" set, have dns enabled, and have multiple
files and directory trees opened by syslog-ng - "STATS: dropped 0" is
what "stats()" is returning.
I've run it multiple times now - it never equals 30,000 - always losing
5-50 events.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the syslog-ng
mailing list