On 2014-05-12 4:10, Nguyễn Văn Hớn wrote:
[1]hi everybody.
when i see the picture.I wonder" how do you know certainly server get
the logs from agent. because it uses UDP port 1514" udp protocal never
check destination have recived packet when it send on network
The short answer is "you don't." That's simply the nature of UDP.
Packets could be lost, just as with native syslog when traffic on the
network is congested. Apart from traffic shaping, there's not much you
can do about that.
What is under your control though, and what is often overlooked, is the
kernel UDP buffer. If "netstat -s | grep "packet receive errors"" shows
packet loss then you may need to adjust net.core.rmem_max and
net.core.rmem_default in /etc/sysctl.conf.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
