Just a bit of a head's up and a refresh of this with perhaps some new

> Good to hear :-) We recently also started investigating the Audit 
> capabilities for (notice I write "for" and not "in") IPA. You can 
> check my initial nudge to the freeipa-users list, which was
> unfortunately with no reply:
> https://www.redhat.com/archives/freeipa-users/2015-March/msg00940.html

First up, just got round to reading this Martin.  Not sure how I missed
when it first came out as it's a strong area of interest for me.

The main part of what this message is about is a big change I made to
logging recently.  I added in 4 of our main production IPA servers
are 8 in total, but 4 sit beyond firewalls that take more scrutiny for
changes than I wanted for now).  The 4 I've added, though, serve more
clients I figure.  The amount of log traffic to the pair of Logstash
servers has now jumped from around 50k records/hour to around 250k.

Doubtless this still doesn't push any of the parts to their limits, but
there has been a barely noticeably increase in CPU usage on the 2
servers.  We've gone from around 2% CPU usage to 4%.

Since the CPU usage on our 'loudest' IPA server rarely peaks above 10%,
this doesn't present nearly as much load as I had anticipated.  I have
Logstash parsers on my DEV IPA boxes, but will now investigate running
them on my Prod servers too.

What I'm getting at is that perhaps clients sending logs back to the IPA
servers for parsing, then being sent on to a central DB for storage,
going to break the bank performance-wise.

All of the systems in question here are 2vCPU with 4Gb vRAM running on
hosts, so nothing special in the performance arena.

It strikes me as a reasonably elegant solution to pair the
and log parsing services on the same set of servers.  This would allow
client to use the same servers/failover etc for SSSD as for rsyslog.

There may, of course, be other considerations, but I'm suggesting that
system load isn't necessarily one of them.  Much as projects such as
can run with everything on the same server, or split out Postgres and
like onto separate servers when there are performance considerations.

Thoughts?  I'm not saying they should always be paired, but that if a
designs a system with enough horse power, this piggy-backing could work



This message has been checked for viruses and spam by the Virgin Money email 
scanning system powered by Messagelabs.

This e-mail is intended to be confidential to the recipient. If you receive a 
copy in error, please inform the sender and then delete this message.

Virgin Money plc - Registered in England and Wales (Company no. 6952311). 
Registered office - Jubilee House, Gosforth, Newcastle upon Tyne NE3 4PL. 
Virgin Money plc is authorised by the Prudential Regulation Authority and 
regulated by the Financial Conduct Authority and the Prudential Regulation 

The following companies also trade as Virgin Money. They are both authorised 
and regulated by the Financial Conduct Authority, are registered in England and 
Wales and have their registered office at Jubilee House, Gosforth, Newcastle 
upon Tyne NE3 4PL: Virgin Money Personal Financial Service Limited (Company no. 
3072766) and Virgin Money Unit Trust Managers Limited (Company no. 3000482).

For further details of Virgin Money group companies please visit our website at 

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to