[syslog-ng] Which way is better/faster
Anton Koldaev
koldaevav at gmail.com
Thu Dec 6 00:02:39 CET 2012
Let's imagine we have one source with some logs:
80% - normal messages (all messages)
20% - specific messages (some complex regex)
Normal messages filter includes specific messages.
We need to put these messages into separate files.
Which way will give more performance?
1.
log(source(s),filter(non-specific),destination(normal),flags(final))
log(source(s),destination(specific),flags(final))
OR
2.
log(source(s),filter(specific),destination(specific))
log(source(s),filter(normal),destination(normal),flags(final))
OR
3.
log(source(s),filter(normal),destination(normal))
log(source(s),filter(specific),destination(specific),flags(final))
--
Best regards,
Koldaev Anton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20121206/8b31bb72/attachment.htm
More information about the syslog-ng
mailing list