[syslog-ng] Log daemon for high volume of logs
Balazs Scheidler
bazsi at balabit.hu
Tue Jan 30 18:34:09 CET 2007
On Mon, 2007-01-29 at 17:54 -0300, Federico Petronio wrote:
> In our case "high volume" is 83 pps (4 MB/hour); peaks are probably
> higher but I don't have the number. As a test, we blocked with iptables
> the incoming packets from the new host. After doing that, no other log
> was missed, that's why we guess the problem is with the syslog buffer or
> something related to it.
>
> We also ran the command "netstat -su" with the following result:
>
> Udp:
> 231803397 packets received
> 6022 packets to unknown port received.
> 123643084 packet receive errors
> 117398380 packets sent
>
> In this Debian Linux the output is different and not as detailed as the
> one you showed, but it shows that 50% of the UDP packets have some kind
> of problem. Do you know exactly what kind of problems generate "packet
> receive errors"?

Try to increase the socket receive buffer. You can do that with the
so_rcvbuf() option in syslog-ng, but you can tweak kernel tunables as
well.
--
Bazsi
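
An added example, not part of the original thread: a Python check that reads the UDP counters from `netstat -su` output and tests whether the kernel actually grants a requested receive buffer size. The sample text reuses the counters quoted above with constructed indentation; the function names and the 1 MiB request are assumptions.

```python
import re
import socket

# Constructed sample: the counters quoted in the thread, indented the way
# `netstat -su` prints a section body.
SAMPLE = """Udp:
    231803397 packets received
    6022 packets to unknown port received.
    123643084 packet receive errors
    117398380 packets sent
"""

def parse_udp_stats(text):
    """Return {description: count} for the 'Udp:' section only."""
    stats, in_udp = {}, False
    for line in text.splitlines():
        if not line.startswith((" ", "\t")):   # unindented line = section header
            in_udp = line.strip() == "Udp:"
            continue
        m = re.match(r"\s*(\d+)\s+(.+?)\.?\s*$", line)
        if in_udp and m:
            stats[m.group(2)] = int(m.group(1))
    return stats

def receive_error_ratio(stats):
    """Receive errors relative to datagrams received."""
    return stats["packet receive errors"] / stats["packets received"]

def granted_rcvbuf(requested):
    """Request SO_RCVBUF on a UDP socket and return what the kernel reports."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, requested)
        return s.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)

def is_clamped(requested, granted):
    """Linux reports twice the accepted size, so anything below the
    request means the kernel limit cut it down."""
    return granted < requested

if __name__ == "__main__":
    stats = parse_udp_stats(SAMPLE)
    print(f"errors per received datagram: {receive_error_ratio(stats):.2f}")
    want = 1048576  # assumed size you would pass to so_rcvbuf()
    got = granted_rcvbuf(want)
    print(f"requested {want}, granted {got}, clamped: {is_clamped(want, got)}")
```

On Linux the size requested through so_rcvbuf() is capped by the `net.core.rmem_max` sysctl, so a clamped result means the kernel tunable has to be raised as well.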