This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SysLog dropped packets

0

Hello, I am running an embedded controller with multiple threads and capturing events with SysLog and iprintf so in theory have identical messages generated over the net and the serial port. Ideally they should be the same.

I placed a Wireshark readout alongside the serial readout, and saw that Wireshark had dropped a packet. Is there a limit to the rate at which SysLog messages are captured? I realize this is UDP so there may be dropped packets but its just a home network and have SNMP, SSDP,QUIC,SSDP going on. Is rate of SysLog generation or UDP corruption the most likely cause? Is there any way to make it more robust such as a mutex?

Thanks, Sam

asked 30 Jul '15, 09:26

Sam%20Mallicoat's gravatar image

Sam Mallicoat
6223
accept rate: 0%


One Answer:

0

Is there a limit to the rate at which SysLog messages are captured?

Yes, it depends on several parameters on your system (CPU speed, IO speed, etc.).

HOWEVER you say, that you are sending the same syslog messages via a serial link. I doubt that the message rate via the serial link is high enough to cause any problems while capturing identical syslog messages sent via the network.

So, either there is real packet loss somewhere in your network OR you are not sending every syslog message via the network (bug in your code, bug in the local syslog implementation, etc.)

Regards
Kurt

answered 03 Aug '15, 02:37

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%