[syslog-ng] there are many udp packet receive errors

liuruihong liuruihong at baidu.com
Thu Sep 20 09:31:27 CEST 2007 

Eenvironment : 

> under linux 

> 1 central log-collecting server.syslog-ng 

2 client: syslog sending logs to central log-collecting server.

 

The syslog-ng server configuration: 

> options { use_dns(no); create_dirs(yes);ts_format(iso); };

> source src { udp(ip(0.0.0.0) port(514)); };  

> 

> filter f_kern { facility(kern); };

> filter f_authpriv { facility(auth,authpriv); };

> filter f_mail { facility(mail); };

> filter f_cron { facility(cron); }; 

> filter f_boot { facility(local7); };

> filter f_spooler { facility(uucp, news) and level(crit..emerg); }; 

> filter f_messages { level(info..emerg) and not facility(authpriv,  cron,
mail); }; 

> destination kern { file("/home/syslog-ng/$YEAR/$HOST/kernel-$MONTH"); }; 

> destination authpriv { file("/home/syslog-ng/$YEAR/$HOST/secure-$MONTH");
}; 

> destination mail { file("/home/syslog-ng/$YEAR/$HOST/maillog-$MONTH"); };

>  destination cron { file("/home/syslog-ng/$YEAR/$HOST/cron-$MONTH"); };

>  destination boot{ file("/home/syslog-ng/$YEAR/$HOST/boot.log-$MONTH"); };

>  destination spooler { file("/home/syslog-ng/$YEAR/$HOST/spooler-$MONTH");
};  

destination messages { file("/home/syslog-ng/$YEAR/$HOST/messages-$MONTH");
}; 

> log { source(src); filter(f_kern); destination(kern); };> 

> log { source(src); filter(f_authpriv); destination(authpriv); };> 

> log { source(src); filter(f_mail); destination(mail); };> 

> log { source(src); filter(f_cron); destination(cron); };> 

> log { source(src); filter(f_boot); destination(boot); };> 

> log { source(src); filter(f_spooler); destination(spooler); }; 

> log { source(src); filter(f_messages); destination(messages); };>

QUESTION: 

  I  used the syslog-ng to collect logs from about 1000 clients,while there
are many udp packets receive erros: 

  # netstat -su

  # Udp:

    41200545 packets received

    0 packets to unknown port received.

    410733273 packet receive errors

    21311935 packets sent

 I think it means many log sending by the client are not received by
syslog-ng successfully,

How can I resolve this problems?

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070920/28175189/attachment.htm

More information about the syslog-ng mailing list