Re: [loganalysis] Re: Central syslog server best practices?

From: arkat_private
Date: Tue Aug 14 2001 - 06:59:00 PDT

Next message: jamie rishaw: "Re: [loganalysis] Re: Central syslog server best practices?"

Previous message: edward.j.sargissonat_private: "[loganalysis] Logging standards and such"
In reply to: Marcus J. Ranum: "[loganalysis] Re: Central syslog server best practices?"
Next in thread: jamie rishaw: "Re: [loganalysis] Re: Central syslog server best practices?"
Next in thread: Marlys A Nelson: "Re: Central syslog server best practices?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

nuqneH,

Even _much_ worse, BSD derived kernels drop messages on /dev/log and
/dev/klog on really heavy load :( This obviously needs to be fixed.
Increasing box performance is not a proper solution.

We ran into that when i tried to help Darren Reed to fix messages drop
in nsyslogd.

YOU (Marcus J. Ranum) WROTE:
>  
>  Brian Hatch wrote:
>  >Since syslog uses UDP, and there's no method to enforce
>  >retransmits of lost UDP datagrams built into the protocol
>  >itself, it's quite possible for a busy network to cause
>  >UDP packet loss
>  
>  It's worse than that; many kernels will drop packets internally
>  when interface output queues overrun. So your syslog client is
>  probably dropping the log messages before they even get off
>  the box.

-- 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: jamie rishaw: "Re: [loganalysis] Re: Central syslog server best practices?"
Previous message: edward.j.sargissonat_private: "[loganalysis] Logging standards and such"
In reply to: Marcus J. Ranum: "[loganalysis] Re: Central syslog server best practices?"
Next in thread: jamie rishaw: "Re: [loganalysis] Re: Central syslog server best practices?"
Next in thread: Marlys A Nelson: "Re: Central syslog server best practices?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 14:44:18 PDT