curious curious <curiouscpcurious@gmail.com> writes:
What are the capabilities , limits of syslog-ng daemon? When does it fail to send the logs to the destination? How many events/logs per second can it handle without dropping anything?
Your questions cannot be correctly answered without more information, because the performance and reliability of syslog-ng greatly depends on the config. For example, the speed will be much different depending on whether you write to file, network (with or without TLS) or to a database (SQL or MongoDB). Reliability will be very different with udp() and tcp() sources (or udp() or tcp() destinations). And there's a whole lot of knobs one can tweak to make syslog-ng perform better, and adapt it to the system's needs. While I do not have benchmarks for syslog-ng OSE, there is one for PE 4F1: http://pzolee.blogs.balabit.com/2011/07/do-you-want-to-process-800-000-messa... syslog-ng PE 4F1 is based on the 3.3 OSE core, and Bazsi is in the process of merging the patches, so 3.3 should perform similarly, I believe. That's about performance... about reliability: it starts to drop messages when the internal memory queue gets full: when the number of incoming logs is bigger than the amount it can push out. When that happens (if it happens at all) depends on the configuration and the system. Hope this helps! And for a full list of capabilities, see the recently published OSE 3.3 admin guide here: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guide... -- |8]