|
|
Massive lossage with syslog-ng: msg#00059syslog-ng
My apologies if this has been discussed, as I haven't been able to find anything useful via google or the FM... Syoposis: Syslog-ng drops something on the order of 90% of the logs remotely flung at it. Detail: I'm using syslog-ng 1.5.15 from the Debian stable package archive. I've been tasked with setting up two remote log servers for my employer; both log servers have fairly beefy IDE raids (IOZone gives me an unbuffered write speed of about 40M/sec), and as far as I can tell with vmstat(8) and Our Friend top(1), syslog-ng isn't running into any I/O bottlenecks. The systems have insane CPUs (Athlon XP 2000) and 512M RAM a pop, which considering their intended tasks (syslog and serial console server), should be more than adequate. I've set up several systems to push their logs onto the log server; a Solaris 8 (with native syslog) box, a Debian Linux box (native syslog again), and a Debian Linux box using syslog-ng. Yet syslog-ng seems to dump between 75% and 90% of all the logs handed to it on the floor. Several of the systems we wish to have logging to syslog will throw out about a thousand lines within a second or two, and this is where most of our problems come in. I've tried both TCP and UDP; TCP barely seems to work at all -- I can throw a thousand lines in on one end, see them in the logfile, and see one line of output out on the other side. I've futzed a bit with the FIFO size and the gc_idle/gc_busy numbers, but the latter two are more-or-less undocumented in the manual, so I have no idea what they really do (no units or anything), and the code regarding them is a bit too complex for me to read. I've been googling and chomping upon the syslog-ng documentation for about the past two weeks, and have yet to find a solution. Any suggestions? An FM for me to read? A USENET article I missed? Thanks-in-advance! -- Don Werve <donw@xxxxxxxxxx> (Unix System Administrator) Yorn desh born, der ritt de gitt der gue, Orn desh, dee born desh, de umn bork! bork! bork! _______________________________________________ syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Re: sysnlog-ng lock whole machine ...: 00059, Nate Campi |
|---|---|
| Next by Date: | File permissions not being honored: 00059, Chris Josephes |
| Previous by Thread: | sysnlog-ng lock whole machine ...i: 00059, Pawel Dziekonski |
| Next by Thread: | Re: Massive lossage with syslog-ng: 00059, Balazs Scheidler |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |