![]() Increasing flush-lines() from 0 to 100 can increase the performance of syslog-ng OSE by 100%. Increase the value of the flush-lines() parameter. Other retrieval and run-time updating methods may include an HTTP/TLS request using the tls config plugin. This plugin is a data retrieval method and is set to filesystem by default. For example, to receive 2000 messages per second, set the so-rcvbuf() at least to 2 097 152 bytes. The osquery 'configuration' is read from a config plugin. In such cases, you will need to increase the _max parameter of the host (for example, to 1024000), but do not modify _default parameter.Īs a general rule, increase the so-rcvbuf() so that the buffer size in kilobytes is higher than the rate of incoming messages per second. Note that on certain platforms, for example, on Red Hat Enterprise Linux 5, even low message load (~200 messages per second) can result in message loss, unless the so-rcvbuf() option of the source is increased. When receiving messages using the UDP protocol, increase the size of the UDP receive buffer on the receiver host (that is, the syslog-ng OSE server or relay receiving the messages). Use simple filter functions and logical operators instead. ![]() Evaluating general regular expressions puts a high load on the CPU. ĭo not use regular expressions in our filters.Under heavy load, the users are not be able to read the messages from the console, and it slows down syslog-ng. ĭo not use the usertty() destination driver.For details, see Managing incoming and outgoing messages with flow-control. Įnable flow-control for the TCP sources.For details, see Using name resolution in syslog-ng. ![]() Optimizing the performance is important for syslog-ng hosts that handle large traffic.ĭisable DNS resolution, or resolve hostnames locally. This section provides tips on optimizing the performance of syslog-ng. Best practices and examples > Handling large message load
0 Comments
Leave a Reply. |