Background:
I am relatviely new to the use of rsyslog. I am testing with v6.1.2.
The company I am helping wants to test the feasibility of using rsyslog
as an aggregating logger that is capable of 50mb/sec bursts of messages.
We have written our own output module that preps these messages
received for other steps in our pipeline.
I am conducting tests that are measuring the throughput of various
client/protocol to aggregating log server configurations. The plan is
to use a box with multi-core/multi-processor/multi-network
interfaces/fast disks and lots of memory to receive these messages from
multiple "client" boxes running [r]*syslog[-ng]* or windows variant.
From what I have read in the manual and on the web site, it looks like
"plain" tcp is likely to perform best at moving messages to the
aggregating server for us. BTW, I have a similar configuration that
uses the disk based overflow to capture the messages.
Below is one of the aggregating log server conf files that I am
considering. It is trying to utilize the InputPTCPServerListenIP
directive to listen to a local IP on a multi-homed host. This doesn't
seem to work for me.
The port based configuraitons seem to work fine, but the IP listener on
real and/or aliased local IPs isn't happening.
I have taken the advice in the manual... to keep the rules as simple as
possible. I was hoping to use the local IP addresses to spread the work
across multiple queues with minimal parsing for message identity.
Questions:
Am I doing something wrong? (it certainly wouldn't be the first time :-)
Is $InputPTCPServerListenIP supported in 6.1.2?
Finally, if you had to make rsyslog go as fast as possible, what
strategy would you use? Is the plain tcp the way... i.e., for systems
that can send tcp?
Insights into this would be much appreciated.
TIA,
Rich Johnson
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# ourcompany module test 9. See README for more information about the
testing.
#
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by
rklogd)
#$ModLoad immark # provides --MARK-- message capability
# commented out KLogPath fails due to access permissions... use setup
fifo pipe
# at /var/run/rsyslog/kmsg instead
#$KLogPath /proc/kmsg
$KLogPath /var/run/rsyslog/kmsg
# provides UDP, TCP and Plain TCP syslog reception respectively
$ModLoad imptcp
# load ourcompany output module
$ModLoad omourcompany
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
# $RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
# establish default location for spool files
$WorkDirectory /var/rsyslog/work
###########################
#### Std Local Rules ######
###########################
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
########################
# ourcompany special template (see
http://www.rsyslog.com/doc/property_replacer.html for possibilities)
$template
ourcompanyFormat,"%timegenerated%,%hostname%,%syslogtag%,%msg%\n",sql
# Test clients send TCP traffic on port 10515 (rsyslogd clients). This
is like test 2
# except that PTCP is used. It is a high perf version of the tcp input
handler and has
# the advantage of being configured to listen to a local address. Here
is the server
# rule setup:
$RuleSet clients
$RulesetCreateMainQueue on # create ruleset-specific queue
user.info;local3.info;local4.info;local5.info;local6.info;uucp.info
:omourcompany:;ourcompanyFormat
& ~
# bind rulesets to plain tcp listener
$InputPTCPServerInputName clients
$InputPTCPServerBindRuleset clients
$InputPTCPServerListenIP 192.168.10.10
# and activate it:
$InputPTCPServerRun 10515
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
