[syslog-ng] 1.6.5 performance
Balazs Scheidler
bazsi at balabit.hu
Fri Oct 21 17:51:55 CEST 2005
On Fri, 2005-10-21 at 08:47 -0700, Scott C wrote:
> The log data we receive from most systems is fairly consistent from
> day to day. That's how I can tell I'm missing some data. But it's
> not to the extent that syslog-ng STATS would seem to indicate.
>
> As for the system-level performance stuff, I don't mean to sound
> pretentious, but I've effectively ruled all of that out. I've
> analyzed all the statistics, and I even opened a ticket with Sun to
> get their two cents worth. They came to the same conclusion that I
> did--the application is simply not keeping up with the IP stack.
>
> Also, although it may not be entirely clear in my original post, these
> relays are just relays. The log messages come in via udp or tcp and
> go right back out via tcp. Any and all processing (including dns and
> regexp) is performed at the back end.
>
> At the end of the day, I guess my real question is, how truly accurate
> is the STATS number that I'm seeing?
Judging your configuration files seem to indicate that the tcp
destination cannot keep up, your files should definitely be ok.
The number of DROPPED entries is STATS is a sum of all destinations, if
you have three destinations then it is equal to three messages.
I always wanted to do per-destination statistics. That would now be
possible with syslog-ng 1.9.x, but that's not yet ready for production.
--
Bazsi
More information about the syslog-ng
mailing list