Lost syslog packets
I wrote a program that listens on UDP port 514 for syslog messages and writes any incoming packets to a log file. On one of the servers where this program is deployed, it has suddenly stopped writing to the log file. It is working fine on all other servers.
Steps I have taken to diagnose the problem.
1) Wrote a udp packet sender (A) that sends data on udp 514 to that server. The program receives those packets and writes them to file just fine.
2) Ran tcpdump to see if the rig (B) that is supposed to send data to that server was in fact doing so. It was.
3) Ran (A) while tcpdump was running to see if the destination IP address and port were the same as the packets from (B). They were.
4) Stopped the program and wrote a listener that just prints anything received on udp 514 to screen. The listener printed only packets from (A).
Are there any network experts around who can think of other diagnostic tests I can perform to find out what's wrong?
Comments (1)
If it stopped writing the log file, possibly your code is buggy. If the UDP listener does not read data from the socket, the transfer will still be shown by the network sniffer tool. Use a debugger to find out what your program is doing.
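A version of the step-4 diagnostic listener from the question, as an added example (not code from the original post or its answer): it records the source address of every datagram that actually reaches the socket and decodes the syslog PRI field, so the result can be compared per sender with the tcpdump capture. The function names, the timeout values and the 100-datagram limit are assumptions made for this sketch.

```python
import re
import socket
from collections import Counter

PRI_RE = re.compile(rb"^<(\d{1,3})>")  # syslog PRI field, e.g. b"<34>"

def parse_pri(payload):
    """Return (facility, severity) from the syslog PRI, or None if absent/invalid."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:  # facility 23, severity 7 is the maximum
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def receive(sock, max_datagrams, timeout=2.0):
    """Read up to max_datagrams; return [(src_ip, src_port, payload), ...]."""
    sock.settimeout(timeout)  # applies to each recvfrom call, not to the whole run
    seen = []
    while len(seen) < max_datagrams:
        try:
            payload, (ip, port) = sock.recvfrom(65535)
        except socket.timeout:
            break  # nothing more reached the socket within the timeout
        seen.append((ip, port, payload))
    return seen

def per_source(seen):
    """Count datagrams per source IP, to compare against the tcpdump capture."""
    return Counter(ip for ip, _port, _payload in seen)

if __name__ == "__main__":
    # Port 514 is privileged: run as root, with the real syslog program stopped.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("0.0.0.0", 514))  # all IPv4 interfaces
    got = receive(rx, max_datagrams=100, timeout=30.0)
    for ip, port, payload in got:
        print(f"{ip}:{port} pri={parse_pri(payload)} {payload[:80]!r}")
    print(dict(per_source(got)))
```

A sender that appears in the tcpdump capture but has no entry in the per-source count is one whose packets were captured on the interface yet never delivered to the listening socket.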