Re: [loganalysis] Re: Central syslog server best practices?

From: arkat_private
Date: Tue Aug 14 2001 - 14:54:13 PDT

  • Next message: Robin Edgar, Tripany: "Re: [loganalysis] Re: Central syslog server best practices?"

    nuqneH,
    
    It is *not* a proper fix, just a usable workaround :(
    
    YOU (jamie rishaw) WROTE:
    >  
    >  On Mon, Aug 13, 2001 at 09:38:04AM -0400, Marcus J. Ranum wrote:
    >  > Brian Hatch wrote:
    >  > >Since syslog uses UDP, and there's no method to enforce
    >  > >retransmits of lost UDP datagrams built into the protocol
    >  > >itself, it's quite possible for a busy network to cause
    >  > >UDP packet loss
    >  > 
    >  > It's worse than that; many kernels will drop packets internally
    >  > when interface output queues overrun. So your syslog client is
    >  > probably dropping the log messages before they even get off
    >  > the box.
    >  
    >  Good Sysadmins know how to fine tune their IP stacks to avoid these
    >  problems. :-)
    >  
    >  FreeBSD:
    >  sysctl for net.inet.udp.recvspace, maxdgram
    >  kernel options NMBCLUSTERS
    >  
    >  Solaris:
    >  ndd /dev/udp: udp_recv_hiwat, udp_max_buf
    >  
    >  AIX:
    >  'no' -o udp_recvspace
    >  
    >  Linux:
    >  'ftp ftp.freebsd.org'
    >  
    
    -- 
                                         _     _  _  _  _      _  _
     {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
     (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
     [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 11:18:24 PDT