[syslog-ng] Message loss (probably) within syslog-ng
mike at jeke.fdns.net
Mon Mar 6 14:07:51 CET 2006
> This is a very good and interesting link for the generic tuning of the
> network stack. However what it says is how to set the udp max buffer
> # ndd /dev/udp udp_max_buf
> which according to
> http://docs.sun.com/app/docs/doc/806-6779/6jfmsfr8b?a=view sets the
> "maximum allowed buffer size for a udp socket", not the actual value.
> The default receive buffer size is set using the parameter
> udp_recv_hiwat which is currently set to its maximum value of 65536. To
> increase it the only way is the setsockopt syscall.
> Anyway I don't get that many udpInOverflows (a few every day) but it does
> not explain the few thousand messages I miss in my log files.
hmmm. strange..on Linux it seems to use that max value without modifying
applications. I could be wrong tho.
use_fqdn (no); # use the machine's short name
hmm..I am kinda wondering about the DNS usage now tho. I have never used
this feature before, but from what the docs say, syslog-ng will block on
DNS queries...can you tell if any of DNS queries are failing?
maybe you could add in some options here:
Number of seconds while a successful lookup is cached.
Number of seconds while a failed lookup is cached.
but if syslog-ng blocks on DNS queries, I would imagine that you would see
your udpInOverflows value increase....
anyone know the default value of dns_cache_expire() off the top of your
I would have to admit that I am grabbing at straws now tho.
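
The interaction discussed in this thread, a UDP reader that stalls (for instance on a blocking DNS lookup) while datagrams keep arriving, shown as an added example that is not part of the original post and is not syslog-ng code. It uses loopback sockets, and the datagram count, payload size and buffer sizes are constructed values; the function name is hypothetical.

```python
import socket

def datagrams_surviving_stall(rcvbuf_request, count=2000, size=200):
    """Send `count` datagrams to a socket nobody is reading, then drain it.

    Returns (granted_rcvbuf, received). Whatever did not fit in the socket
    receive buffer during the stall was dropped by the kernel, which is the
    condition a counter such as udpInOverflows reports.
    """
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Per-socket request; the kernel may cap or round it to its own
        # limits, so read back what was actually granted.
        rx.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf_request)
        granted = rx.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)
        rx.bind(("127.0.0.1", 0))
        addr = rx.getsockname()

        payload = b"x" * size  # constructed stand-in for a syslog line
        for _ in range(count):
            try:
                tx.sendto(payload, addr)  # reader is "blocked": no recv yet
            except OSError:
                pass  # some platforms report a full queue to the sender

        # The reader wakes up and drains whatever the kernel kept.
        rx.settimeout(0.2)
        received = 0
        while True:
            try:
                rx.recv(65535)
            except socket.timeout:
                break
            received += 1
        return granted, received
    finally:
        rx.close()
        tx.close()

if __name__ == "__main__":
    for request in (4096, 1 << 20):
        granted, received = datagrams_surviving_stall(request)
        print(f"requested={request} granted={granted} "
              f"received={received}/2000 lost={2000 - received}")
```
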