[syslog-ng] Not able to receive all syslog messages

Sandor Geller Sandor.Geller at morganstanley.com
Wed Nov 10 09:50:05 CET 2010


On Wed, Nov 10, 2010 at 9:04 AM, add gy <addyg420 at yahoo.com> wrote:
> Hi,
> I have installed syslog-ng on a RHEL server as a log host server for 250 routers and switches, but sometimes I receive messages and sometimes I don't. When I check it on another syslog server on Windows, I receive syslog messages with any problem.

First you should check that the messages actually reach the host
syslog-ng is running on. I guess your devices are using UDP, otherwise
with your config syslog-ng would reject a lot of incoming TCP
connections because you haven't raised the default value of
max_connections() for your tcp() source. The default setting of
max_connections for tcp sources is 10.

When the logs reach your server and you're using UDP for the log
transport then it could happen that the kernel is dropping the packets
when the receive buffer is full. If you see significant log loss and
syslog-ng doesn't complain about dropped logs in its log statistics
then you should raise the size of the receive buffer using the
so_rcvbuf() option.
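
One way to check the case described above, where the kernel drops UDP datagrams because the receive buffer is full while syslog-ng's own statistics show no drops (an added example, not part of the original mail or of syslog-ng): compare two snapshots of the system-wide Udp counters in Linux's /proc/net/snmp. The function names and the two sample snapshots are constructed for illustration.

```python
# Added example: measure kernel-level UDP drops between two /proc/net/snmp snapshots.
# BEFORE and AFTER are constructed sample data, not output from a real host.
BEFORE = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1000 4 10 200 10 0
UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
UdpLite: 0 0 0 0 0 0
"""
AFTER = BEFORE.replace("Udp: 1000 4 10 200 10 0", "Udp: 1900 4 110 200 110 0")


def parse_udp_counters(snmp_text):
    """Return {counter_name: value} from the 'Udp:' header and value lines."""
    # startswith("Udp:") deliberately skips the separate "UdpLite:" rows.
    rows = [line.split()[1:] for line in snmp_text.splitlines()
            if line.startswith("Udp:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one Udp: header line and one Udp: value line")
    names, values = rows
    return {name: int(value) for name, value in zip(names, values)}


def udp_loss(before_text, after_text):
    """Datagrams delivered vs. dropped by the kernel between two snapshots."""
    before = parse_udp_counters(before_text)
    after = parse_udp_counters(after_text)
    delta = {k: after[k] - before.get(k, 0) for k in after}
    received = delta.get("InDatagrams", 0)
    # RcvbufErrors counts datagrams dropped because a socket receive buffer
    # was full. Kernels without that column only expose InErrors, which
    # counts those drops together with other receive errors.
    dropped = delta.get("RcvbufErrors", delta.get("InErrors", 0))
    total = received + dropped
    return {"received": received, "dropped": dropped,
            "drop_ratio": dropped / total if total else 0.0}


if __name__ == "__main__":
    import time
    with open("/proc/net/snmp") as f:
        first = f.read()
    time.sleep(10)  # sampling interval; choose one that covers a busy period
    with open("/proc/net/snmp") as f:
        second = f.read()
    print(udp_loss(first, second))
```

The counters cover every UDP socket on the host, so a rising drop count points at syslog-ng only when it is the main UDP receiver. The kernel also caps the buffer size a socket can request at net.core.rmem_max, so that sysctl may need raising along with so_rcvbuf().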


