Well, this behaviour certainly looks strange. But it is hard to guess what exactly happens in your 550 rules. I'd say it is best to try out with v6 and report back your findings.
Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Dirk
> Sent: Tuesday, February 15, 2011 5:54 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Measuring performance of Rsyslog 3
>
> On 15.02.11 10:32, Rainer Gerhards wrote:
> > I guess you look for performance counters. Unfortunately, they are not
> > present before the introduction of impstat in v5.
>
> We will have a look at that, thanks. We start trying to implant v5 into
> SLES10.
>
> We stumbled upon a strange phenomenon: rsyslog reads messages from a log
> file and sends them to rsyslog on a central log server which parses them
> and writes them to log files. The client needs 1 % CPU for that, and the
> server needs 100 % CPU for that - with only the messages from this one
> client! Both machines are exactly the same.
>
> The configuration on the server is quite complex, so the messages we
> test with have to be parsed by 550 rules before they match, get written
> and discarded.
>
> Is this asynchronous resource usage "normal"? Or is it specially v3
> doing it thus - would we benefit from using v5?
> Does it depend on the number of rules to be parsed - would we benefit
> from using regular expressions (assuming this is possible)?
>
> Any input, hint or help is greatly appreciated.
>
> Dirk
>
> > Rainer
> >
> >> -----Original Message-----
> >> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Dirk
> >> Sent: Tuesday, February 15, 2011 10:31 AM
> >> To: rsyslog-users
> >> Subject: [rsyslog] Measuring performance of Rsyslog 3
> >>
> >> Hi folks,
> >>
> >> is there any possibility to gain some performance impression for
> >> rsyslogd 3? I would like to count
> >> - how many messages are coming in via tcp
> >> - how many messages are written to logs totally
> >> - how many messages are written to each log
> >>
> >> Of course I can write scripts to do "wc -l" for the second and third
> >> questions, but with some hundred logs this seems not a good idea, and
> >> real time results or near time results are preferred.
> >>
> >> Any idea is greatly appreciated.
> >>
> >> Dirk
> >> _______________________________________________
> >> rsyslog mailing list
> >> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com

