[syslog-ng] Tips for handling large message load
Fabien Wernli
wernli at in2p3.fr
Tue Jul 30 09:26:27 UTC 2019
Hi,
On Mon, Jul 29, 2019 at 02:59:33PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> I have several Splunk log aggregators that gets thousands of messages per second but we are seeing issues with dropping messages from UDP sources.
>
> I've read the section in the docs about handling large message load and we've made many of those changes. Do you have any other suggestions to improve performance?
>
> We are using flow control. We have made the following sysctl changes:
> - net.core.rmem_max = 268435456
> - net.core.netdev_max_backlog = 2000
did you check
https://www.syslog-ng.com/community/b/blog/posts/improved-log-collection-over-udp
for the udp part?
More information about the syslog-ng
mailing list