30 Jul
2019
30 Jul
'19
10:26 a.m.
Hi, On Mon, Jul 29, 2019 at 02:59:33PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
I have several Splunk log aggregators that gets thousands of messages per second but we are seeing issues with dropping messages from UDP sources.
I've read the section in the docs about handling large message load and we've made many of those changes. Do you have any other suggestions to improve performance?
We are using flow control. We have made the following sysctl changes: - net.core.rmem_max = 268435456 - net.core.netdev_max_backlog = 2000
did you check https://www.syslog-ng.com/community/b/blog/posts/improved-log-collection-ove... for the udp part?