Re: very busy syslog server

---

• From: "Jin Guojun [VFFS]" <j_guojun@xxxxxxx>
• Date: Sat, 10 Dec 2005 14:58:21 -0800

---

What is "netstat -m" output on your machine?

Mathieu Arnold wrote:

+-le 07/12/2005 12:44 +0200, Imri Zvik écrivait :
| Hi!
| | I'm trying to setup a syslog server to serve a large group of servers.
| For the syslog daemon, I have chosen rsyslogd, and the backend is mysql (on
| a different machine).
| | The machine has 2 Intel Xeon 2.80GHz CPUs, and 1GB of RAM, and it is
| running FreeBSD 6 (6.0-STABLE).
| | The problem is, that I see a lot of UDP packets being dropped:

without any tweaking :
# netstat -s -p udp
udp:
       750858021 datagrams received
       0 with incomplete header
       0 with bad data length field
       0 with bad checksum
       20003 with no checksum
       142075741 dropped due to no socket
       1152246 broadcast/multicast datagrams dropped due to no socket
       1729027 dropped due to full socket buffers
       0 not for hashed pcb
       605901007 delivered
       801662 datagrams output

it's been up for a bit, and I don't use syslog but minirsyslogd, which is in
the ports tree I believe.

CPU: Intel(R) Celeron(R) CPU 2.40GHz (2400.09-MHz 686-class CPU)
 Origin = "GenuineIntel"  Id = 0xf29  Stepping = 9

Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
real memory = 259194880 (247 MB)
avail memory = 243978240 (232 MB)

_______________________________________________
freebsd-performance@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "freebsd-performance-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • Re: very busy syslog server
    • From: Mathieu Arnold

• References:
  • very busy syslog server
    • From: Imri Zvik
  • Re: very busy syslog server
    • From: Mathieu Arnold

• Prev by Date: Re: very busy syslog server
• Next by Date: Re: very busy syslog server
• Previous by thread: Re: very busy syslog server
• Next by thread: Re: very busy syslog server
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: UDP errors and syslog & BSD ... > Im using Frebsd as a syslog server at work. ... > 5775699 dropped due to full socket buffers ... You can raise the buffer ... (freebsd-questions) RE: very busy syslog server ... Subject: Re: very busy syslog server ... >Subject: Re: very busy syslog server ... >than one packet per interrupt. ... (freebsd-performance) Re: syslog message generator ... It mentions the option "-u <socket>", but a socket is not an ip address. ... specific parameters like ip address, port number and generate a syslog format message, create the socket and send it to the specified server. ... look at the source code of logger and figure out how to ... provide a socket to logger. ... (alt.os.linux) RE: audit trails for file access ... I actually use NTSyslog to send my logs off to a syslog server, ... On the syslog server side, I use syslog-ng to log to a MySQL database. ... In regards to logging to another machine, use the Eventlog to Syslog ... (Focus-Microsoft) RE: Event log counts... ... | syslog server in our environment. ... Kiwi will send an email to you with this information... ... It's kind of a chicken/egg problem, but dumping the event logs remotely ... Syslog Daemon started on: Fri, ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > performance  > 2005-12