[syslog-ng] UDP Dropping packets
Aldrich, Jamie S
JSAldrich at pier1.com
Mon Aug 29 17:48:54 CEST 2011
Would using "tcp" be a worse option?
Jamie
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: Sunday, August 28, 2011 1:29 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] UDP Dropping packets
On Fri, 2011-08-26 at 08:56 -0500, Aldrich, Jamie S wrote:
> We are not writing these specific logs to /var/adm/messages, but to a LogLogic device. Here is the syslog-ng.conf file part that handles these logs.
>
> source s_file {
> file("/psfs_logs/APPSRV_current.LOG" flags(no-parse));
> };
>
> destination d_messages{
> udp("10.13.33.11");
> };
>
> log {
> source(s_file);
> destination(d_messages);
> };
UDP is not reliable, and you could be surprised how unreliable it
is. I've seen UDP transports drop over 90% of the traffic.
It can be improved somewhat by increasing the receive buffer size
(the so_rcvbuf() option in syslog-ng, but kernel limits may have to be
adjusted as well).
Google for udp receive buffer syslog-ng, and you'll get a number of
pages that describe the issue.
--
Bazsi
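
Added example, not part of the original thread: on a Linux receiver (an assumption; the thread does not name the receiving OS), datagrams dropped on a full socket buffer are counted in the RcvbufErrors column of /proc/net/snmp. This Python code measures that loss between two snapshots and checks how much of a requested receive buffer the kernel actually grants; the sample counters are constructed and the function names are hypothetical.

```python
import socket

# Constructed samples: the Udp: lines of /proc/net/snmp on a Linux receiver,
# taken at two points in time (values are made up for illustration).
SNAP_T0 = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 100000 12 500 3000 500 0
"""
SNAP_T1 = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 101000 12 9500 3000 9500 0
"""


def parse_udp_counters(snmp_text):
    """Return the Udp: counters from /proc/net/snmp text as a dict of ints."""
    rows = [l.split() for l in snmp_text.splitlines() if l.startswith("Udp:")]
    if len(rows) != 2:
        raise ValueError("expected one Udp: header row and one Udp: value row")
    header, values = rows
    return dict(zip(header[1:], map(int, values[1:])))


def udp_loss(before, after):
    """Datagrams delivered vs. dropped on a full receive buffer between snapshots."""
    a, b = parse_udp_counters(before), parse_udp_counters(after)
    delivered = b["InDatagrams"] - a["InDatagrams"]
    dropped = b["RcvbufErrors"] - a["RcvbufErrors"]  # socket buffer was full
    if delivered < 0 or dropped < 0:
        raise ValueError("counters went backwards (reboot or counter wrap)")
    total = delivered + dropped
    return {"delivered": delivered, "dropped": dropped,
            "loss_ratio": dropped / total if total else 0.0}


def granted_rcvbuf(requested):
    """Ask for a UDP receive buffer and report what the kernel actually set.
    Linux silently caps the request at net.core.rmem_max, then doubles it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, requested)
        return s.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)


if __name__ == "__main__":
    print(udp_loss(SNAP_T0, SNAP_T1))
    want = 16 * 1024 * 1024
    print("requested", want, "granted", granted_rcvbuf(want))
```

If the granted size is far below the requested one, the so_rcvbuf() value set in syslog-ng is being capped by the kernel limit and that limit has to be raised first.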