[syslog-ng] Syslog-ng missing few logs to write to local file after showing in tcpdump

vijay amruth vijayamruth at gmail.com
Mon Sep 24 21:03:25 UTC 2018


Hello Laszlo, what role/s can NFS play on data that was received on the
interface but couldn't be written, for example, this case mentioned here?

Hello Harish, is your traffic UDP/TCP and the host in this a virtual
machine? Have you tried any tuning so far?

Thank you.

On Thu, Sep 20, 2018 at 3:57 AM Budai, László <laszlo.budai at oneidentity.com>
wrote:

> Hi,
>
> there can be many reasons... (are you using network filesystem?)
>
> Based on your other question you have a filter. Could you share your
> configuration?
>
> syslog-ng provides statistics on filters (match/unmatch), but only from
> stats-level-2 (and as I remember from version 3.10), example cfg:
> @version: 3.17
>
>
> @include "scl.conf"
>
> options {
>   stats-level(2);
> };
>
> source s_net {
>   network(
>    port(5555)
>    transport("tcp")
>   );
> };
>
> destination d_net {
>   network(
>     "localhost" port(15554)
>     transport(tcp)
>   );
> };
>
> filter f_test {
>   match("TEST" value(MESSAGE))
> };
>
> log {
>   source(s_net);
>   filter(f_test);
>   destination(d_net);
>   flags(flow-control);
> };
>
>
> and then:
>
> sbin/syslog-ng-ctl query get 'filter.f_test.*'
>
>
> L.
>
> On Thu, Sep 20, 2018 at 12:31 PM, Harish Shetty <harish23shetty at gmail.com>
> wrote:
>
>> Hi All
>>
>> I have syslog-ng (syslog-ng-3.9.1-1.el6.x86_64) which is running on Red
>> Hat 6.6. I have a rule defined as mentioned below
>>
>> destination d_networkx {
>> file("/mnt/u001/syslog/$HOST/$YEAR$MONTH$DAY/network.log"); };
>>
>> But syslog-ng is unable to write some logs to the local file even though we
>> see those logs in the tcpdump. What could be causing this?
>>
>> And one more thing I need to know: is there any way to check per filter
>> (d_networkx) how many we received and how many we processed (wrote) to a file?
>>
>> Regards
>> Harish Shetty
>>
>>
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>

-- 
Thanks,
Vijay Amrut.
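
The per-filter and per-destination accounting asked about in this thread can be read from the semicolon-separated output of `syslog-ng-ctl stats`. The following is an added example, not part of the original messages or of syslog-ng itself: the sample rows are constructed, the helper names `sample_stats`, `stats_totals` and `stat_value` are hypothetical, and the `matched`/`not_matched` rows are assumed to be present only with `stats-level(2)` as described in the quoted reply.

```shell
#!/bin/sh
# Added example: total up syslog-ng counters per source, filter and destination
# so a gap between "received" and "written" can be located.

# Constructed sample in the layout printed by `syslog-ng-ctl stats`.
sample_stats() {
cat <<'EOF'
SourceName;SourceId;SourceInstance;State;Type;Number
source;s_net;;a;processed;1000
filter;f_test;;a;matched;940
filter;f_test;;a;not_matched;60
destination;d_networkx;;a;processed;940
dst.file;d_networkx#0;/mnt/u001/syslog/$HOST/$YEAR$MONTH$DAY/network.log;a;processed;940
dst.file;d_networkx#0;/mnt/u001/syslog/$HOST/$YEAR$MONTH$DAY/network.log;a;dropped;15
EOF
}

# Read stats CSV on stdin; print sorted "kind:id counter total" lines.
stats_totals() {
  awk -F';' '
    $1 == "SourceName" { next }                      # skip the header row
    $1 ~ /^(source|filter|destination|dst\.)/ {
      id = $2
      sub(/#.*/, "", id)                             # d_networkx#0 -> d_networkx
      total[$1 ":" id " " $5] += $6                  # sum across instances
    }
    END { for (k in total) print k, total[k] }
  ' | sort
}

# Print the total of one counter for one object, 0 when the row is absent.
# usage: syslog-ng-ctl stats | stat_value filter:f_test not_matched
stat_value() {
  stats_totals | awk -v obj="$1" -v ctr="$2" \
    '$1 == obj && $2 == ctr { v = $3 } END { print v + 0 }'
}

# Stand-alone run on the constructed sample.
sample_stats | stats_totals
```

On a live host, pipe `syslog-ng-ctl stats` into `stats_totals` in place of `sample_stats`. A non-zero `not_matched` or `dropped` total shows which stage accounts for messages that appear in tcpdump but not in the file.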