I use syslog4j (current version from 2011) to receive syslog messages. Obviously some of them are not processed and I can see using wireshark that they leave the originating server and arrive on my server which runs the syslog4j program.
Unfortunately I am limited to using syslog with udp as this is the only configuration the sender supports. But as I can see the packets in the wireshark this does not seem to be the cause of the problem.
My program looks like this:
SyslogServerIF syslogServer = SyslogServer.getInstance("udp");
SyslogServerConfigIF syslogServerConfig = syslogServer.getConfig();
syslogServerConfig.addEventHandler( new MyEventHandler());
SyslogServer.getThreadedInstance("udp");
while (true) {
SyslogUtility.sleep(1000);
}
My (abbreviated) version of the Handler is written this way:
public class MyEventHandler implements SyslogServerSessionEventHandlerIF {
public void event(Object session, SyslogServerIF syslogServer,
SocketAddress socketAddress, SyslogServerEventIF event) {
System.out.println("event.msg : " + event.getMessage());
System.out.println("event.date: " + event.getDate());
}
}
There is no high load on the application (about 100 messages in 5 minutes) but 10 to 20% of the messages are lost