[syslog-ng] Performance tuning questions

King, John (Greg) (LMIT-HOU) Greg.King at lmit.com
Wed Aug 23 17:57:24 CEST 2006


Yeah, the only services other than syslog are sshd and iptables; nothing
else was installed. The only worry I have with moving from UDP to TCP
for such a large number of messages would be denial of service. I recall
some years ago some MMORPG tried using TCP instead of UDP for client
data and it brought their system(s) to a halt. Since I am looking at (on
avg) 26000 messages per minute, I am worried about what this will do not
only to the syslog server performance but to the agents as well (and
thus the servers the agents reside on).

I am still trying to get time to work on the lab syslog-ng system to
convert Red Hat ES 4 syslog configs into syslog-ng so the standard
logging format for the system is not lost. Then create a rule for
TCP-based syslog and slowly ramp up traffic and see what happens in the lab
to get an idea of what to expect.

-Greg 

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Kevin
Sent: Wednesday, August 23, 2006 10:41 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Performance tuning questions

Both TCP and UDP have risks and limitations.

If message loss/spoofing are important to you, TCP is the way to go.
(One key exception being logs from PIX firewalls  :)

Is the log server handling other services as well?

Kevin