I was curious if there are any limitations on the number of rules you can have in Kiwi and if there are any noticeable performance issues when you have a lot of rules in Kiwi?
Hope this helps...
http://www.kiwisyslog.com/help/syslog/index.html?rules_maximumrulecount.htm
That is what I needed though I have a few follow-up questions based on that document...
1. That is correct.
2. 100 is a general suggestion. Try increasing the number in small increments. Observe how the memory usage is affected by looking at the process Syslogd_Service.exe.
Wait, did you just get Kiwi to move syslog out of the Orion Database and off the Orion server? I just started on that! I am amazed at how many logs per hour are coming in! I wish Orion had a counter like Kiwi's. Let me know if you find anything you can pass along, I'll do the same. If that's not what you're doing, never mind.
LOL. We are not moving to Kiwi, though I think that may not be a bad idea for some stuff. I am working on a customer project where we will potentially be providing Log Management as a service and Kiwi is one of the potential products for the job. In all honesty I have really been let down by the options out there as far as Log Management goes.
I started to see the CPU time on the syslog service and how DB disk time is spent with syslog and I decided that it isn't worth slowing down Orion to collect syslog. (After I already had Orion, I had a need to gather syslog and so I thought - hey, Orion does that! So I started to point everything there and I think the load is taking away from Orion's real purpose, so now I am moving it to Kiwi and then I'll forward the logs I want in Orion.)