[syslog-ng] Solaris 10 UDP overflows, message drops
Balazs Scheidler
bazsi at balabit.hu
Sat Apr 30 14:15:10 CEST 2011
On Fri, 2011-04-29 at 08:51 +0200, Fekete Robert wrote:
> Hi,
>
> UDP is a connection-less protocol, meaning that the sender has no knowledge if
> the messages reach the destination or not. In the perspective of flow-control,
> this means the following (someone please correct me if I'm wrong):
>
> - when using flow-control on the client that sends messages via UDP,
> flow-control can slow down reading messages from the client's sources if the
> client cannot send out the messages fast enough. But the client does not know
> (hence it cannot slow down) if the server cannot handle the messages it receives.
except when it explicitly receives an ICMP port unreachable, in which
case syslog-ng will cease sending. Port unreachable is not something you
can count on, but it works when the issue is that the server is not
running.
>
> - when using flow-control on the server that receives UDP messages, flow-control
> can slow down reading from the server's sources (thus probably cause the server
> to drop UDP messages) if the destination on the server (file, database,
> whatever) cannot handle the messages sent to the destination fast enough.
and in this case it can help, since syslog-ng will not be
actively dropping messages, but rather the kernel will do that, even before
the messages reach syslog-ng.
--
Bazsi
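
The two behaviours discussed in this thread can be reproduced on loopback. The following is an added example, not part of the original message and not syslog-ng code: a sender that learns of a closed port through ICMP port unreachable, and a bound receiver that stalls while the kernel silently drops datagrams. The function names, buffer size and message counts are assumptions chosen for the demonstration, and the behaviour shown is that of a Linux host.

```python
import socket
import time

LOOPBACK = "127.0.0.1"  # constructed setup: all traffic stays on loopback


def sender_sees_port_unreachable(attempts=50):
    """Send to a UDP port with no listener; return True once the kernel
    reports the resulting ICMP port unreachable back to the sender."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    probe.bind((LOOPBACK, 0))
    port = probe.getsockname()[1]
    probe.close()  # nothing listens on this port any more
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.connect((LOOPBACK, port))  # only connected sockets get ICMP errors
    try:
        for _ in range(attempts):
            try:
                tx.send(b"<13>test message")
            except ConnectionRefusedError:
                return True  # the sender now knows the server is not running
            time.sleep(0.01)
        return False
    finally:
        tx.close()


def kernel_drops_when_reader_stalls(count=2000, size=1000):
    """The receiver is bound but does not read while the sender transmits.
    Returns (datagrams sent without error, datagrams the kernel queued)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 4096)  # small on purpose
    rx.bind((LOOPBACK, 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = 0
    for _ in range(count):
        tx.sendto(b"x" * size, rx.getsockname())  # succeeds even when dropped
        sent += 1
    tx.close()
    rx.settimeout(0.2)
    received = 0
    try:
        while True:  # drain whatever fit into the receive buffer
            rx.recv(65535)
            received += 1
    except socket.timeout:
        pass
    finally:
        rx.close()
    return sent, received
```
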