[syslog-ng] Losing to much remote sent logs
Daniel Neubacher
daniel.neubacher at xing.com
Tue Mar 6 15:55:43 CET 2012
Do you have any tuning magic in your syslog-ng config? Or any other configuration changes in the os? Or are most of your logs from a single server?
My setup here is pretty much normal... a big server, gigabit Ethernet and 400 log hosts. Don't know where to search for the problem.
-----Ursprüngliche Nachricht-----
Von: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] Im Auftrag von Martin Holste
Gesendet: Dienstag, 6. März 2012 15:44
An: Syslog-ng users' and developers' mailing list
Betreff: Re: [syslog-ng] Losing to much remote sent logs
> For a benchmark, I have stressed (10 000 to 20 000msg/sec) a syslogd
> server which transmits all logs it received to a Syslog-NG server over
> udp. I was able to reach a score of 90% of lost messages.
>
> udp is very good way to have problem with your log management solution I think.
That doesn't sound right at all. We get much better performance with
UDP: zero drops at around 15k/sec with a lot of bursting to over 20k.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
More information about the syslog-ng
mailing list