[syslog-ng] UDP packet loss with syslog-ng

[Matthew Hall]

On Fri, Oct 15, 2010 at 05:01:27PM -0400, Lars Kellogg-Stedman wrote:
> > file. What network adapter and Ethernet driver does the machine use?
> 
> This is a Dell R610, which reports:
> 
>   Ethernet controller: Broadcom Corporation NetXtreme II BCM5709
> Gigabit Ethernet
> 
> The kernel is using the "bnx2" driver.  There doesn't appear to be a
> problem getting packets from the network to a user space program like
> awk or netcat.

Yeah I understand that they seem to be getting to user space OK. But in 
past work I have seen different Ethernet adapters which caused stack 
misbehavior because their drivers were bad. So I wanted to be sure you 
were not running one of the adapters which had caused problems for me 
when I used to work on a Linux based firewall appliance.

> > Which operating system?
> 
> Linux (CentOS 5.5).

OK. RHEL 5 is kind of ancient unfortunately. I've seen it cause problems 
for me before. Is there any possibility to try Ubuntu 10.04 LTS or 
something else to help narrow down the problem, or do some sort of 
profiling?

> Trying various values for log_fetch_limit() didn't
> appear to have much impact on things, but absent some guidance on what
> would constitute sensible numbers I was sort of flailing around.

Fair enough.

> > Can you profile syslog-ng using
> > oprofile or the various built in profiling and debugging options in its
> > configure script? Can you check if the CFLAGS look good?
> 
> I'm using the binary packages from balabit.com.  If these aren't
> optimally built, I'm looking at the wrong product.

Not every build can be optimal for every situation. This is open source. 
If it doesn't work, then you are going to have to help do some of the 
troubleshooting, unless you feel like buying a support contract. There 
are some dedicated people here who want to help but you have to work 
with us too.

Matthew.