On Tue, 1 Oct 2013, Robert wrote:
This is the command
[rcortiz@simon ~]$ sudo /usr/sbin/tcpdump -i eth2.10 -nn port 514 | cut -c 1-8 | uniq -c
This is the output
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2.10, link-type EN10MB (Ethernet), capture size 65535 bytes
<SNIP>
41205248 packets captured
49649942 packets received by filter
8444281 packets dropped by kernel
So we still have a significant portion being dropped; let's see if we can
address that (given what's going on with rsyslog, we need some way of telling
what is actually getting to the box).
Let's try running tcpdump at a higher priority:
sudo nice -n -10 /usr/sbin/tcpdump -i eth2.10 -nn port 514 | cut -c 1-8 | uniq -c
David Lang
The reason why I think it's writing the proper amount is because in the Spirent,
I can set the frames per second as I wish, so for example I write:
17500 fps to f_ad
115000 fps to f_fw
25000 fps to f_shib
25000 fps to f_mail
17500 fps to f_vm
17500 fps to f_pix
17500 fps to f_networks
15000 fps to f_router
and when I check using grep for a particular second (see below) for all logs,
I get the 250,000 fps that I set the Spirent to, and if I look at the number
for each log, I get what I set the Spirent to.
[rcortiz@simon test]$ ls
f_ad f_fw f_mail f_networks f_pix f_router f_shib f_vm
[rcortiz@simon test]$ sudo grep 12:08:05 * | wc -l
250008
[rcortiz@simon test]$ sudo grep 12:08:06 * | wc -l
250000
[rcortiz@simon test]$ sudo grep 12:08:07 * | wc -l
249999
[rcortiz@simon test]$ sudo grep 12:08:08 * | wc -l
250011
[rcortiz@simon test]$ sudo grep 12:08:09 * | wc -l
249999
[rcortiz@simon test]$ sudo grep 12:08:09 f_fw | wc -l
115000
[rcortiz@simon test]$ sudo grep 12:08:10 f_fw | wc -l
115000
[rcortiz@simon test]$ sudo grep 12:08:11 f_fw | wc -l
115000
[rcortiz@simon test]$ sudo grep 12:08:11 f_mail | wc -l
24999
[rcortiz@simon test]$ sudo grep 12:08:12 f_mail | wc -l
25002
[rcortiz@simon test]$ sudo grep 12:08:12 f_shib | wc -l
25000
[rcortiz@simon test]$ sudo grep 12:08:12 f_vm | wc -l
17500
[rcortiz@simon test]$ sudo grep 12:08:12 f_ad | wc -l
17501
[rcortiz@simon test]$ sudo grep 12:08:12 f_ | wc -l
Robert.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
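Added example, not part of the original thread: the per-second grep checks above done in one pass over the log files, with a filter that prints only the seconds whose count deviates from the configured rate. The function names, the sample data and the assumption that the first HH:MM:SS string on each line is the message timestamp are all constructed for illustration.

```shell
#!/bin/sh
# per_second_counts FILE...
# Prints "file HH:MM:SS count" for every second seen in each file.
# Assumption: the first HH:MM:SS string on a line is the message timestamp.
per_second_counts() {
    awk '
        match($0, /[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/) {
            n[FILENAME " " substr($0, RSTART, RLENGTH)]++
        }
        END { for (k in n) print k, n[k] }
    ' "$@" | sort
}

# rate_deviations EXPECTED TOLERANCE FILE
# Prints "HH:MM:SS count" only for seconds whose count differs from
# EXPECTED by more than TOLERANCE messages.
rate_deviations() {
    expected=$1 tolerance=$2 file=$3
    per_second_counts "$file" | awk -v e="$expected" -v t="$tolerance" '
        { d = $3 - e; if (d < 0) d = -d; if (d > t) print $2, $3 }'
}

# Constructed sample: 5 messages in each of three seconds, plus 2 extra
# in the last second (so 12:08:07 has 7).
make_sample() {
    for s in 05 06 07; do
        i=0
        while [ "$i" -lt 5 ]; do
            echo "Oct  1 12:08:$s host1 fw: constructed message $i"
            i=$((i + 1))
        done
    done
    echo "Oct  1 12:08:07 host1 fw: constructed extra message"
    echo "Oct  1 12:08:07 host1 fw: constructed extra message"
}

# Demo on the constructed data.
tmp=$(mktemp -d)
make_sample > "$tmp/f_fw"
per_second_counts "$tmp/f_fw"
rate_deviations 5 1 "$tmp/f_fw"
rm -rf "$tmp"
```

The first and last second of any capture are usually partial, so expect them to show up as deviations.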