[syslog-ng] UDP Dropping packets
Balazs Scheidler
bazsi at balabit.hu
Sun Aug 28 08:28:42 CEST 2011
On Fri, 2011-08-26 at 08:56 -0500, Aldrich, Jamie S wrote:
> We are not writing these specific logs to the /var/adm/messages, but to a LogLogic devices. Here is the syslog-ng.conf file part that handles these logs.
>
> source s_file {
> file("/psfs_logs/APPSRV_current.LOG" flags(no-parse));
> };
>
> destination d_messages{
> udp("10.13.33.11");
> };
>
> log {
> source(s_file);
> destination(d_messages);
> };
UDP is not reliable, and you could be surprised how much it is
unreliable. I've seen udp transports to drop over 90% of the traffic.
It can be improved somewhat by increasing the receive buffer size
(so_rcvbuf() option in syslog-ng, but kernel limits may have to be
adjusted as well).
Google for udp receive buffer syslog-ng, and you'll get a number of
pages that describe the issue.
--
Bazsi
More information about the syslog-ng
mailing list