[syslog-ng] syslog-ng event capability

Gergely Nagy algernon at balabit.hu
Mon Aug 8 11:08:14 CEST 2011


curious curious <curiouscpcurious at gmail.com> writes:

> What are the capabilities, limits of syslog-ng daemon? When does it fail to
> send the logs to the destination? How many events/logs per second can it
> handle without dropping anything?

Your questions cannot be correctly answered without more information,
because the performance and reliability of syslog-ng greatly depend on
the config.

For example, the speed will be much different depending on whether you
write to file, network (with or without TLS) or to a database (SQL or
MongoDB). Reliability will be very different with udp() and tcp()
sources (or udp() or tcp() destinations).

And there's a whole lot of knobs one can tweak to make syslog-ng perform
better, and adapt it to the system's needs.

While I do not have benchmarks for syslog-ng OSE, there is one for PE 4F1:
http://pzolee.blogs.balabit.com/2011/07/do-you-want-to-process-800-000-messagessec/

syslog-ng PE 4F1 is based on the 3.3 OSE core, and Bazsi is in the
process of merging the patches, so 3.3 should perform similarly, I
believe.

That's about performance... about reliability: it starts to drop
messages when the internal memory queue gets full: when the number of
incoming logs is bigger than the amount it can push out. When that
happens (if it happens at all) depends on the configuration and the
system.

Hope this helps!

And for a full list of capabilities, see the recently published OSE 3.3
admin guide here:
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/bk01-toc.html

-- 
|8]
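
The drop condition described in the message above, as an added example that is not part of the original post and is not syslog-ng code: a tick-by-tick model of a bounded in-memory queue that loses messages once arrivals outpace what the destination drains. The queue size, rates and workloads are constructed values, and the model assumes the newest message is dropped when the queue is full and that no flow control is in use.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class QueueStats:
    delivered: int = 0
    dropped: int = 0
    backlog: int = 0            # messages still queued when the run ends
    peak_depth: int = 0
    first_drop_tick: Optional[int] = None


def simulate(arrivals, drain_per_tick, fifo_size):
    """Run one tick per entry in `arrivals` (messages arriving in that tick).

    Each tick, arrivals are enqueued until the queue holds `fifo_size`
    messages and the remainder is dropped (assumed drop-newest); then the
    destination drains up to `drain_per_tick` messages.
    """
    stats = QueueStats()
    depth = 0
    for tick, incoming in enumerate(arrivals):
        accepted = min(incoming, fifo_size - depth)
        lost = incoming - accepted
        depth += accepted
        if lost and stats.first_drop_tick is None:
            stats.first_drop_tick = tick
        stats.dropped += lost
        stats.peak_depth = max(stats.peak_depth, depth)
        sent = min(depth, drain_per_tick)
        depth -= sent
        stats.delivered += sent
    stats.backlog = depth
    return stats


# Constructed workloads (messages per tick), not measurements of syslog-ng.
BURST = [500] * 2 + [50] * 10   # short spike above the drain rate, then quiet
OVERLOAD = [300] * 20           # sustained input above the drain rate

if __name__ == "__main__":
    for name, load in (("burst", BURST), ("overload", OVERLOAD)):
        print(name, simulate(load, drain_per_tick=200, fifo_size=1000))
```

The burst is absorbed by the queue and fully delivered, while the sustained overload fills the queue after a fixed number of ticks and then loses the excess on every tick that follows.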


