[syslog-ng] Support for Open Source Syslog-ng

Naveen Bhalla (nbhalla) nbhalla at cisco.com
Fri Apr 13 17:43:26 UTC 2018 

Team,
    Could you pls help us on below P1 situation for us?



Regards,

[http://wwwin.cisco.com/c/dam/cec/organizations/gmcc/services-tools/signaturetool/images/logo/logo_gradient.png]
Naveen Bhalla | Manager.Technical Support
CMS Platform Operations

Cell:  +91-9880362157
Desk: +91-80-44260795

From: Naveen Bhalla (nbhalla)
Sent: 13 April 2018 09:14 PM
To: 'support at balabit.com' <support at balabit.com<mailto:support at balabit.com>>
Subject: Support for Open Source Syslog-ng

Hello Support Team,
     We have a situation in our platform where syslog-ng is dropping part of syslog traffic coming into our server. The syslog-ng has around 750 match rules in its configuration. Based on these rules the syslogs are forwarded to the destinations. Also, there is one rule to write all the received syslogs to disk. We are receiving syslogs at the rate of 300 eps.



The issue is that we are seeing that syslog-ng is not able to process the syslogs and forward them to the destinations. It is not writing to the disk also. We are seeing that there is a big delay after which some syslogs are getting written to the disk. We are seeing loss of UDP packets. The UDP buffer size is big enough.


net.ipv4.tcp_rmem = 4096 4194304 16777216
net.ipv4.tcp_wmem = 98304 4194304 16777216
net.core.rmem_default = 234217728
net.core.wmem_default = 234217728
net.core.rmem_max =  234217728
net.core.wmem_max = 234217728
net.ipv4.tcp_window_scaling = 1
net.ipv4.ip_local_port_range = 32768 61000
fs.file-max = 2097152
net.core.optmem_max = 40960
net.core.netdev_max_backlog = 50000
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192


We need help to resolve this issue.


We are using open-source syslog-ng in our setup.



Regards,

[http://wwwin.cisco.com/c/dam/cec/organizations/gmcc/services-tools/signaturetool/images/logo/logo_gradient.png]
Naveen Bhalla | Manager.Technical Support
CMS Platform Operations

Cell:  +91-9880362157
Desk: +91-80-44260795

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180413/69766fb5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2773 bytes
Desc: image001.png
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180413/69766fb5/attachment.png>

More information about the syslog-ng mailing list