[syslog-ng] udp drops
Jan Schaumann
jschauma at netmeister.org
Sun May 31 20:53:51 CEST 2009
Martin Holste <mcholste at gmail.com> wrote:
> Out of curiosity, how many messages per second was the stock syslogd able to
> process with minimal loss?
Between 15K and 18K / s.
> What method did you employ to determine loss?
Effectively:
n1=$(netstat -s -p udp | awk '/dropped due to full socket/ { print $1 }')
sleep 5
n2=$(netstat -s -p udp | awk '/dropped due to full socket/ { print $1 }')
(In reality, there's a tool that works much like sar(1) does and I can
query it for stats, but underneath it happens to use the above logic.)
> I am setting up a similar logging solution with NG using the db-parser module
> which takes considerable CPU. I plan on using Cisco server load balancing
> to round-robin load balance on N number of syslog nodes to achieve zero
> loss
What's your plan for handling the messages on the N nodes? Will they
all just log to their own filesystem, write to a shared filesystem,
write into a database, forward to another system, ... ?
-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090531/f422897d/attachment.pgp
More information about the syslog-ng
mailing list