[loganalysis] Re: Central syslog server best practices?

• Previous message: Marcus J. Ranum: "[loganalysis] Re: Central syslog server best practices?"
• In reply to: Brian Hatch: "Re: Central syslog server best practices?"
• Next in thread: arkat_private: "Re: [loganalysis] Re: Central syslog server best practices?"
• Next in thread: Marlys A Nelson: "Re: Central syslog server best practices?"
• Reply: arkat_private: "Re: [loganalysis] Re: Central syslog server best practices?"
• Reply: jamie rishaw: "Re: [loganalysis] Re: Central syslog server best practices?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Brian Hatch wrote:
>Since syslog uses UDP, and there's no method to enforce
>retransmits of lost UDP datagrams built into the protocol
>itself, it's quite possible for a busy network to cause
>UDP packet loss

It's worse than that; many kernels will drop packets internally
when interface output queues overrun. So your syslog client is
probably dropping the log messages before they even get off
the box.

mjr.


---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

• Next message: E. Todd Atkins: "[loganalysis] Re: Swatch Rules"
• Previous message: Marcus J. Ranum: "[loganalysis] Re: Central syslog server best practices?"
• In reply to: Brian Hatch: "Re: Central syslog server best practices?"
• Next in thread: arkat_private: "Re: [loganalysis] Re: Central syslog server best practices?"
• Next in thread: Marlys A Nelson: "Re: Central syslog server best practices?"
• Reply: arkat_private: "Re: [loganalysis] Re: Central syslog server best practices?"
• Reply: jamie rishaw: "Re: [loganalysis] Re: Central syslog server best practices?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 15:02:54 PDT