>>>>> "Matthew" == Matthew N Dodd <winter@jurai.net> writes:

    Matthew> On Thu, 9 Jul 1998, Daniel Brown wrote:

    >> > What does `netstat -p udp` say?
    >> dan@sun3[~/dev]: netstat -p udp
    >> udp:
    >> 48442 datagrams received
    Matthew> [snip]
    >> 641 dropped due to full socket buffers
    Matthew>           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    Matthew> This is your problem.

    Matthew> net.inet.udp.recvspace may need to be adjusted (If I'm reading the source
    Matthew> correctly.)

  Unfortunately, that doesn't help as much as one would like with UNIX domain
sockets.  Since there is no network involved (not even a loopback device) ,
you'd expect that local sockets would be reliable, but they aren't.
  If syslogd can't keep up with the logs, then you lose logs. 

  datagram sockets are not appropriate for security related logging. One
thing that I did when I worked for a firewall company was adjust Unix domain
sockets to be flow controlled (but not connected). I kept looking at
SOCK_RDM, but it was connected, and I wanted something that was unconnected
so that syslogd didn't have to maintain a zillion file descriptors.
  [In cany case, SOCK_RDM wasn't implemented on any but one platform
that we had]

   :!mcr!:            |  "Elegant and extremely rapid for calculation are the 
   Michael Richardson | techniques of Young tableaux. They also have the merit
                      | of being fun to play with." - p.47 Intro to Quarks&Partons
 Personal: mcr@sandelman.ottawa.on.ca. PGP key available.
 Corporate: sales@sandelman.ottawa.on.ca.