I am using the nxlog agent version 2.10.2102 to send windows logs to a server.
I know that buffering to disk is an option in the event that connectivity is interrupted.

But, can someone tell me if this is an option when using UDP?
If so how does the UDP protocol know when the connectivity is lost?

Does the NXlog agent poll the server in between bursts of UDP activity to determine when to buffer to disk ??

Or can i only use buffering when configured as sending via TCP ?

thanks guys

AskedNovember 13, 2018 - 4:48pm

Answer (1)

Unfortunately, due to the nature of UDP, we can not properly see if the connection ahead of om_udp is good or accepting datagram, etc.

pm_buffer works between the Input and Output modules though and can be very useful for cases with im_udp accepting udp so that you don't lose any events in the case the Output of that route gets backed up This is due to the UDP sending to im_udp would just keep sending, regardless of if the Input module could handle it.
You are able to change the kernel buffer size with SockBufSize though.

For cases where you need reliability in events reaching their destination, I would choose another output like om_tcp over UDP if you can. NXLog EE has some additional methods of providing event transmission over inconsistent links, like *m_batchcompress.