Main poller
7 APEs
1 DB
1 WebSErver
Syslogs has a discards rule that is getting 2500 per hour
Any idea why this service is being bogged down with memory consumption and what can i do to correct it ?
It is still hitting your SolarWinds servers. Syslogs are chatty and when the end devices are pumping in a lot of syslogs into SolarWinds it does cause a performance issue. Even though you place a discard rule it doesnt really help to a great extent, the only advantage with the discard rule is that you are not saving that syslog on your SolarWinds database, but eventually SolarWinds is still receiving the syslog and it needs to discard the same hence your SolarWinds is still being bombarded with syslogs.
There are a few ways i can suggest, but neither is easy, this is totally upto you on how you want to proceed.
1. Get the configuration changed on the end device - dont pump in all syslogs to SolarWinds.
2. Introduce a intermittent syslog receiver if point 1 cannot be achieved. Rather than all syslogs coming to SolarWinds send it to a syslog receiver which can handle the load and only send relevant or filtered syslogs to SolarWinds. This is the approach that I took to avoid the same issue in my environment. I have a syslog receiver in place which consumes all syslogs from end device and only the ones above warning is being sent to SolarWinds the remaining ones are being stored on syslog receiver.
Note: We do have an option in SolarWinds to receive syslogs be it SolarWinds OLV or LEM doesnt really matter, but that isn't the primary functionality of SolarWinds, syslogs are good to have but you can't size SolarWinds to consume everything as this has a direct impact on SolarWinds performance. If syslog count is huge you should decide to go with an alternative tool like SolarWinds Kiwi Syslog or any other tool that best suites the need. Hope this helps.
__PRESENT__PRESENT
