[syslog-ng] Forwarding + Spoofing = Errors & Dropped Packets?
Balazs Scheidler (bazsi at balabit.hu)
Wed Jan 10 19:09:43 CET 2007

On Wed, 2007-01-10 at 07:30 -0600, Ivey, Chris wrote:
> We are having a REALLY weird issue with syslog-ng that I need to
> request some assistance with resolving.  It has to do with forwarding
> and spoofing.  If I go into syslog-ng.conf and enable forwarding to my
> 3 remote servers along with spoofing, it causes issues on the server.
> First, the Recv-Q fills to capacity (as seen in "netstat -a | grep
> syslog").  Once that buffer fills, we start seeing "packet receive
> errors" (as seen in "netstat -su").  We have an INORDINATE amount of
> these errors (about 45%).  Observe:
syslog-ng is busy doing something, and that causes it not to read the UDP
receive buffers in a timely manner.
Can you check:
* syslog-ng is not blocking on DNS
* syslog-ng is not blocking on /proc/kmsg
or something else.
-- 
Bazsi
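
One way to put numbers on the symptoms discussed in this thread (a full Recv-Q and "packet receive errors"), as an added example that is not part of the original messages: it parses the Linux `/proc/net/snmp` and `/proc/net/udp` text that netstat reads. The sample input is constructed, and port 514 and the formula errors / (errors + received) are assumptions.

```python
# Added example: quantify UDP receive loss from the /proc files netstat reads.
# All sample data below is constructed; port 514 (0x0202) is an assumption.

SAMPLE_SNMP = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 5500 12 4500 9000 4500 0
"""

SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   10: 00000000:0202 00000000:0000 07 00000000:0001FE00 00:00000000 00000000     0        0 12345 2 0000000000000000 4500
   11: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12346 2 0000000000000000 0
"""

def udp_counters(snmp_text):
    """Return the Udp: counters of /proc/net/snmp as {name: int}."""
    rows = [l.split()[1:] for l in snmp_text.splitlines() if l.startswith("Udp:")]
    if len(rows) != 2:
        raise ValueError("expected one Udp: header line and one Udp: value line")
    names, values = rows
    return dict(zip(names, map(int, values)))

def loss_ratio(before, after=None):
    """Share of datagrams counted as receive errors (assumed formula)."""
    # One sample covers the time since boot; two samples cover the interval.
    if after is None:
        before, after = {"InDatagrams": 0, "InErrors": 0}, before
    errors = after["InErrors"] - before["InErrors"]
    received = after["InDatagrams"] - before["InDatagrams"]
    total = errors + received
    return errors / total if total else 0.0

def recv_queues(udp_text, port=514):
    """Return (rx_queue_bytes, drops) for each UDP socket bound to `port`."""
    result = []
    for line in udp_text.splitlines()[1:]:
        f = line.split()
        if len(f) < 5 or int(f[1].rsplit(":", 1)[1], 16) != port:
            continue
        rx_queue = int(f[4].split(":")[1], 16)
        drops = int(f[12]) if len(f) > 12 else None  # column absent on old kernels
        result.append((rx_queue, drops))
    return result

if __name__ == "__main__":
    print("loss since boot: %.0f%%" % (100 * loss_ratio(udp_counters(SAMPLE_SNMP))))
    print("port 514 (rx_queue bytes, drops):", recv_queues(SAMPLE_UDP))
```

Sampling the counters twice, before and after a change such as disabling DNS resolution, shows whether the loss rate over that interval actually moved.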
    
    