Hello,
I am testing Kiwi Syslog Server 9.5.0.332 with Kiwi Syslog Gen 2.2.0; both are running on separate computers. On the computer running Kiwi Syslog Server, I am also running Wireshark 1.12.3.
I am trying a single pass of the "500 packet burst every 10 seconds" using UDP as the transport.
Now I understand that UDP is not reliable and that some messages will be lost when performing a burst like this; however, I am often seeing that Syslog is only logging a subset of what Wireshark captured. In one of my tests, Wireshark captured 492 of the syslog packets, while Kiwi Syslog only captured 204.
I repeated this test multiple times. Sometimes Kiwi Syslog will capture the same number of packets as Wireshark, but more often Kiwi Syslog only captures a subset.
I was expecting that Kiwi Syslog would always capture the same number of syslog packets as Wireshark. What might be causing this problem?
I attached a filtered version of the Wireshark capture (only UDP packets directed at port 514), and the Syslog capture (in case it helps).
Thanks
Ken