[syslog-ng] Log daemon for high volume of logs

[Nate Campi]

On Tue, Jan 30, 2007 at 06:34:09PM +0100, Balazs Scheidler wrote:
> 
> try to increase the socket receive buffer. You can do that with
> so_rcvbuf() option in syslog-ng, but you can tweak kernel tunables as
> well.

At my current job, I was never able to handle my syslog spikes with UDP,
even after increasing the UDP receive buffer. My troubles didn't go away
until I deployed syslog-ng everywhere and used TCP for all syslog
traffic (from UNIX hosts anyways).

I only mention this because I want to make it crystal clear that you'll
probably see the same problems after deploying syslog-ng on your central
log server(s). The problem is lower in the stack than that. If this was
already clear to you, then sorry for the wasted bandwidth. :)

HTH,
-- 
Nate

"Do the right thing. It will gratify some people and astonish the rest." - Samuel Clemens