[syslog-ng] dropped udp packets and help with config

[Balazs Scheidler]

On Fri, 2011-05-13 at 13:43 -0400, Zeek Anow wrote:
> 
> Something really wrong with syslog-ng or my config. I'm dropping way
> too many packets. 
> I will admit that my configuration is probably really a large part of
> the problem 
> and would appreciate it if someone could take a look at it and offer
> some suggestions.
>  There is another thread going about a similar problem on a similar
> platform.
> 
>  We recently upgraded to Solaris 10 from Solaris 9 and I don't recall
> us dropping that
> many packets before. And we also upgraded from a very older Sylog-ng
> version to 3.1.2.
> I am basing the dropped packets on the udp stats, not syslog-ng stats.
> Syslog-ng stats has NO dropped packets.

In another thread someone was complaining similar issues on Solaris. It
seems that the way syslog-ng writes log files (each line an individual
write system call), seems to have an enormous overhead on Solaris, much
more than on Linux.

syslog-ng OSE 3.3 now contains a change to batch writes using writev()
which should really improve performance on Solaris, however I'm just
releasing a beta now, so it may not be ready for prime time yet.

It'd be nice to know the root cause for the bad performance on Solaris,
but until now noone in the community nailed it completely.

I'd appreciate if you could give a test-drive of syslog-ng OSE 3.3 if it
really improves the situation. Alternatively, since the buffering change
via the Premium Edition, it might be easier to try that first: evals are
free, and there you have a binary package to start with. With the OSE,
you need to compile it yourself, which may or may not be that easy,
depending on your experience with compiling packages. Of course we're
here to help you in case you'd want to start compiling yourself.

-- 
Bazsi