On Mon, Aug 13, 2001 at 09:38:04AM -0400, Marcus J. Ranum wrote:
> Brian Hatch wrote:
> >Since syslog uses UDP, and there's no method to enforce
> >retransmits of lost UDP datagrams built into the protocol
> >itself, it's quite possible for a busy network to cause
> >UDP packet loss
>
> It's worse than that; many kernels will drop packets internally
> when interface output queues overrun. So your syslog client is
> probably dropping the log messages before they even get off
> the box.

Good Sysadmins know how to fine tune their IP stacks to avoid
these problems. :-)

FreeBSD: sysctl for net.inet.udp.recvspace, maxdgram kernel options NMBCLUSTERS
Solaris: ndd /dev/udp: udp_recv_hiwat, udp_max_buf
AIX: 'no' -o udp_recvspace
Linux: 'ftp ftp.freebsd.org'

jamie
--
jamie rishaw <jamieat_private>
sr. wan/unix engineer/ninja // playboy enterprises inc.
opinions stated are mine, and are not necessarily those of the bunny.
dance like it hurts. love like you need money. work when people are watching.
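
Added example, not part of the original thread: one way to confirm the in-kernel UDP drops discussed above on a Linux syslog host is to compare the `Udp:` counters from `/proc/net/snmp` across two samples. The use of Linux, the constructed snapshots, the function names and the 0.1% alert threshold are assumptions of this example; the post itself names no Linux tunable.

```python
# Constructed samples of the "Udp:" lines from Linux /proc/net/snmp,
# taken at two points in time on a hypothetical syslog collector.
SAMPLE_BEFORE = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 1200000 35 410 8000 400 0 10 0
"""
SAMPLE_AFTER = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 1260000 35 2910 8100 2900 0 10 0
"""

def parse_udp_counters(snmp_text):
    """Return {counter_name: int} from the header/value pair of Udp: lines."""
    rows = [line.split()[1:] for line in snmp_text.splitlines()
            if line.startswith("Udp:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one Udp: header line and one Udp: value line")
    return dict(zip(rows[0], (int(v) for v in rows[1])))

def udp_loss_report(before_text, after_text, max_loss_ratio=0.001):
    """Compare two snapshots and report datagrams dropped inside the kernel."""
    before = parse_udp_counters(before_text)
    after = parse_udp_counters(after_text)
    delta = {}
    for name, value in after.items():
        diff = value - before.get(name, 0)
        if diff < 0:
            raise ValueError(f"counter {name} went backwards (reboot or wrap)")
        delta[name] = diff
    rcv_drops = delta.get("RcvbufErrors", 0)  # receive socket buffer was full
    snd_drops = delta.get("SndbufErrors", 0)  # sender could not queue the datagram
    offered = delta["InDatagrams"] + rcv_drops
    ratio = rcv_drops / offered if offered else 0.0
    return {"received": delta["InDatagrams"], "rcvbuf_drops": rcv_drops,
            "sndbuf_drops": snd_drops, "loss_ratio": ratio,
            "alert": ratio > max_loss_ratio or snd_drops > 0}

if __name__ == "__main__":
    # On a live Linux host, read /proc/net/snmp twice instead of the samples.
    print(udp_loss_report(SAMPLE_BEFORE, SAMPLE_AFTER))
```

A rising `RcvbufErrors` delta on the collector points at the receive-buffer sizing the post lists per OS; a rising `SndbufErrors` delta on a client means messages were lost before leaving the box.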