Re: [loganalysis] Re: Central syslog server best practices?

From: jamie rishaw (jamieat_private)
Date: Tue Aug 14 2001 - 09:29:29 PDT

  • Next message: Robert Collins: "Re: [loganalysis] Re: Central syslog server best practices?"

    On Mon, Aug 13, 2001 at 09:38:04AM -0400, Marcus J. Ranum wrote:
    > Brian Hatch wrote:
    > >Since syslog uses UDP, and there's no method to enforce
    > >retransmits of lost UDP datagrams built into the protocol
    > >itself, it's quite possible for a busy network to cause
    > >UDP packet loss
    > 
    > It's worse than that; many kernels will drop packets internally
    > when interface output queues overrun. So your syslog client is
    > probably dropping the log messages before they even get off
    > the box.
    
    Good Sysadmins know how to fine tune their IP stacks to avoid these
    problems. :-)
    
    FreeBSD:
    sysctl for net.inet.udp.recvspace, maxdgram
    kernel options NMBCLUSTERS
    
    Solaris:
    ndd /dev/udp: udp_recv_hiwat, udp_max_buf
    
    AIX:
    'no' -o udp_recvspace
    
    Linux:
    'ftp ftp.freebsd.org'
    
    jamie
    -- 
    jamie rishaw <jamieat_private>
    sr. wan/unix engineer/ninja // playboy enterprises inc.
    opinions stated are mine, and are not necessarily those of the bunny.
    dance like it hurts. love like you need money. work when people are watching.
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 14:44:31 PDT