We are using a Linux system as a syslog server with an agent to parse, as it is too heavy a load for LEM itself.
We are slamming the Linux system and they wanted to know if multi-thread capable.
Are you using syslog-ng on the Linux server?
syslog-ng is multithreaded and able to do very creative filtering, and is able to simultaneously log locally and forward to LEM.
Yep, I know it can do crazy filtering and forward, but I need the agent to parse and send that info to LEM.
Our LEM can't handle the load of RAW syslog. The agent is pegging the CPU parsing through the syslogs.
Thanks for the suggestions.
Has support or anyone helped you adjust the memory available to the agent yet? It could be a memory availability issue - we've seen the CPU get pegged more frequently when there isn't enough available memory versus not enough CPU. By default the agent itself only uses something like 64-128M of RAM, which is probably not enough at high throughput.
No, that would be good to test. This is definitely high throughput, probably 100GB/day on a normal day. Please let me know how to set that and I'll test it out.
Thanks!