[rsyslog-notify] Forum Thread: Re: queue functioning correctly and tcpflood or similar - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Thu Jul 7 22:58:54 CEST 2016
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26722#p26722
Message:
----------
first off, you only see significant amount of logs in a queue if the output
cannot keep up with the input. If everything is working well, the queues
are going to always be small.
On my systems, I process hundreds of thousands of events/min and when
everything is working, the biggest queues I see are the ones for the
impstats data (because the stats data is generated milliseconds after
impstats has generated a couple hundred messages)
but impstats will show this all to you.
It sounds as if you have misunderstood one of the key purposes of a syslog
program, it's to deliver messages from one system to another.
take a look at the diagram on the front page of rsyslog.com most of those
things on the right side are ways that rsyslog can use to deliver messages
to another system. take a look at omfwd and omrelp ( <!-- m --><a
class="postlink"
href="http://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html">http://www.rsyslog.com/doc/v8-stable/co
... omfwd.html</a><!-- m --> <!-- m --><a class="postlink"
href="http://www.rsyslog.com/doc/v8-stable/configuration/modules/omrelp.html">http://www.rsyslog.com/doc/v8-stable/co
... mrelp.html</a><!-- m --> ) as they are by far the most common ways to
deliver messages from one system to another.
More information about the rsyslog-notify
mailing list