Hello,

I'm implementing a central log server over a large class B network, and have chosen syslog-ng as the server. One of syslog-ng's features is that it can report the number of messages dropped internally, usually through either the receive or write buffers not being large enough. These values can be tweaked, and at least you know when there is something going wrong.

But what if the OS kernel drops the message? Does anyone here have any experience with the OS losing messages before they get to the syslogd process? How can this be monitored and overcome?

The server (Red Hat Advanced Server) will be accepting logs over both UDP and TCP (and possibly via SSH port forwarding and/or stunnel), sitting on a 100Mb connection, and may potentially have hundreds of machines logging to it, as well as routers, switches, and several very high volume proxy servers.

Any thoughts?

Thanks
Phil

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Sep 18 2003 - 21:08:40 PDT