[syslog-ng] R: UDP devices stop logging after network services restart.
Vincenti Francesco
Francesco.Vincenti at acciaiterni.it
Wed Aug 23 06:15:23 UTC 2017
Dear Janos,
welcome back.
Actually the whole syslog-ng service is working fine now, the “rebel” network device (firewall) is sending its UDP logs to the new NIC of the server, as expected.
I made some changes either to the server configuration and to the syslog-ng configuration before this result but I am not sure they were decisive.
On the server I raised the rx and tx default ring buffer value for all the four NICs, from 256 to 2048, anyway the value of dropped packets was low respect the amount of packets sent by device and ethtool does not show errors.
I raised the value of NIC ring buffer because when I run syslog-ng in debug mode, I did not see packets coming from that specific network device entering syslog-ng, so I thought they were dropped.
About syslog-ng configuration I deleted the @version row in every syslog-ng/conf.d/*.conf files I wrote and, but for another source driver, I dropped few logs to the same destination changing them in a more articulated filter, so using an unique destination.
I restarted syslog-ng daemon and, then, I sent the logs of network device to the NIC added and, this time, it worked.
May be it was only luck but now it works.
If I should have other news about the matter I will inform you, but I would be glad to know what do you think about the changes I made.
Thank you very much.
Cheers
Francesco Vincenti
RHCSA Area Data Center Open Source, Quality and Security
Aspasiel Divisione della Società
Acciai Speciali Terni S.p.A. con Unico Socio
Strada di Pentima, 3 – 05100 Terni
francesco.vincenti at acciaiterni.it<mailto:francesco.vincenti at acciaiterni.it>
www.aspasiel.it<http://www.aspasiel.it/>
Ufficio: +39 0744 203224
Fax: +39 0744 203444
Da: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] Per conto di SZIGETVÁRI János
Inviato: giovedì 3 agosto 2017 15:28
A: Syslog-ng users' and developers' mailing list
Oggetto: Re: [syslog-ng] UDP devices stop logging after network services restart.
Dear Fancesco,
Could you please upload the file for example to Google Drive/Dropbox/etc and share its link with us?
Asking you to attach it to your reply might not have been my greatest idea.
Thank you!
Regards,
János
--
Janos SZIGETVARI
RHCE, License no. 150-053-692<https://www.redhat.com/rhtapps/verify/?certId=150-053-692>
__ at __˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp
2017-08-01 9:29 GMT+02:00 Vincenti Francesco <Francesco.Vincenti at acciaiterni.it<mailto:Francesco.Vincenti at acciaiterni.it>>:
Dear Janos
I already sent an email with the data you requested that is under analysis from your moderators because it is too big.
Anyway, every NIC has a number of dropped RX packages but either their number and their daily growth is not big enough to explain the amount of data lost.
Further, netstat –su shows, under UDP, 1 packet receive errors only.
I’m going to switch UDP devices again to log on not-working NIC (ens35 according data I’ve sent to you) to verify how many packages are lost in this case and I’ll inform you about the results.
Cheers
Francesco Vincenti
RHCSA Area Data Center Open Source, Quality and Security
Aspasiel Divisione della Società
Acciai Speciali Terni S.p.A. con Unico Socio
Strada di Pentima, 3 – 05100 Terni
francesco.vincenti at acciaiterni.it<mailto:francesco.vincenti at acciaiterni.it>
www.aspasiel.it<http://www.aspasiel.it/>
Ufficio: +39 0744 203224<tel:+39%200744%20203224>
Fax: +39 0744 203444<tel:+39%200744%20203444>
This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the error at the following email address: helpdesk at aspasiel.it<mailto:helpdesk at aspasiel.it> or at Aspasiel Helpdesk Team by phone (phone number +390744203555<tel:+39%200744%20203555>), and then delete this message from your system.
P Please consider our environment and think before you print. Thank you! q
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the error at the following email address: helpdesk at aspasiel.it<mailto:helpdesk at aspasiel.it> or at Aspasiel Helpdesk Team by phone (phone number +390744203555), and then delete this message from your system.
P Please consider our environment and think before you print. Thank you! q
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170823/53291be4/attachment-0001.html>
More information about the syslog-ng
mailing list