[syslog-ng] high performance server
Mike
mike at jeke.fdns.net
Thu Oct 27 05:25:53 CEST 2005
> >are you sure that they are being received? if htey are coming in over UDP,
> >maybe check some netstat output to see if they are being dropped by the
> >kernel? (in this case they would be dropped before syslog-ng can even see
> >that would be the drops would be listed as zero)
> >
> >
> I've just checked my syslog-ng-1.6.8 CentOS-4.1 server and discover I
> have a similar problem. I wrote a quick UDP syslog record generator
> using Net::Syslog and used it to pump 30,000 records in 3 forks (i.e. 3
> x 10,000) at our syslog-ng server - and only received 29,987. I also ran
> tcpdump on the syslog-ng server and can confirm 30,000 UDP syslog
> packets were received.
>
> I have "log_fifo_size (10000)" set, have dns enabled, and have multiple
> files and directory trees opened by syslog-ng - "STATS: dropped 0" is
> what "stats()" is returning.
stats() shows messages that syslog-ng has received, but was not able to
write to one of it's outputs in time (that is where log_fifo_size() comes
in) >
> I've run it multiple times now - it never equals 30,000 - always losing
> 5-50 events.
check the output of:
netstat -su
do you see anything for "packet receive errors"? try running your send
again...did that number grow?
can't remember the command right now, but there is an option to adjust
this with a sysctl command....
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
More information about the syslog-ng
mailing list