Thanks for the response what do I need to modify it to?
# Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 ----- Original Message ----- From: rmkml Sent: 08/08/13 09:48 AM To: Robert Ortiz Subject: Re: [rsyslog] performance tweaking Hi Robert, Could you tweak sysctl.conf please? Regards @Rmkml On Thu, 8 Aug 2013, Robert Ortiz wrote: > Hey Guys, > > I am new to this mailing list and I wanted to see about getting some pointers if possible regarding tweakin rsyslog: > > I am pretty new to rsyslog, and I've been given a pretty fun task... to test rsyslog vs syslog-ng and pick the best one, I am having a problem with rsyslog where im at 25K/mps and im dropping logs, I need to get it at 100k mps with and I'm not sure where the misconfiguration is if anyone could take a look I would really appreciatte it, > > my current setup: > > rhel 6.4 x86_64 > rsyslog-5.8.10-2.el6.x86_64 > Dual Intel(R) Xeon(R) CPU E5-2609 0 @ 2.40GHz > 32GB RAM > 500GB 15k raid 0 > > > # rsyslog v5 configuration file > > # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html > # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html > > #### MODULES #### > > $ModLoad imuxsock # provides support for loc al system logging (e.g. via logger command) > $ModLoad imklog # provides kernel logging support (previously done by rklogd) > #$ModLoad immark # provides --MARK-- message capability > > # Provides UDP syslog reception > $ModLoad imudp > $UDPServerRun 514 > # $UDPServerTimeRequery 10 > > # Provides TCP syslog reception > #$ModLoad imtcp > #$InputTCPServerRun 514 > > > #### GLOBAL DIRECTIVES #### > > # Use default timestamp format > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > > # File syncing capability is disabled by default. This feature is usually not required, > # not useful and an extreme performance hit > #$ActionFileEnableSync on > > # Include all config files in /etc/rsyslog.d/ > $IncludeConfig /etc/rsyslog.d/*.conf > > # Set Buffer Size - default is 4k > # $OMFileIOBufferSize 128k > # Set Main Message Queue Size - default is 10000 > # $MainMsgQueueSize 50000 > > #### RULES #### > > # Log all kernel messages to the console. > # Logging much else clutters up the screen. > #kern.* /dev/console > > if $hostname contains 'pdc' then /var/log/test/f_ad > & ~ > if $hostname contains 'fdfw' then /var/log/test/f_fw > & ~ > if $hostname contains 'mail' then /var/log/test/f_mail > & ~ > if $hostname contains 'pix' then /var/log/test/ix > & ~ > if $hostname contains 'rout' then /var/log/test/rout > & ~ > if $hostname contains 'networks' then /var/log/test/net > & ~ > #if $fromhost-ip == '10.0.0.10' then /var/log/test/thost > #& ~ > #if $hostname startswith 'virtserv' then /var/log/test/test_virtserv > #&~ > #if $fromhost-ip startswith '10.0.6' then /var/log/test/test_10.0.6 > #& ~ > > > # Log anything (except mail) of level info or higher. > # Don't log private authentication messages! > #*.info;mail.none;authpriv.none;cron.none /var/log/messages > *.debug /var/log/messages > > # Log all the mail messages in one place. > mail.* -/var/log/maillog > > > # Log cron stuff > cron.* /var/log/cron > > # Everybody gets emergency messages > *.e merg * > > # Save news errors of level crit and higher in a special file. > uucp,news.crit /var/log/spooler > > # Save boot messages also to boot.log > local7.* /var/log/boot.log > > > # ### begin forwarding rule ### > # The statement between the begin ... end define a SINGLE forwarding > # rule. They belong together, do NOT split them. If you create multiple > # The statement between the begin ... end define a SINGLE forwarding > # rule. They belong together, do NOT split them. If you create multiple > # forwarding rules, duplicate the whole block! > # Remote Logging (we use TCP for reliable delivery) > # > # An on-disk queue is created for this action. If the remote host is > # down, messages are spooled to disk and sent when it is up again. > #$WorkDirectory /var/lib/rsyslog # where to place spool files > #$ActionQueueFileName fwdRule1 # unique name prefix for spool files > #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) > #$ActionQueueSaveOnShutd own on # save messages to disk on shutdown > #$ActionQueueType LinkedList # run asynchronously > #$ActionResumeRetryCount -1 # infinite retries if host is down > # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional > #*.* @@remote-host:514 > # ### end of the forwarding rule ### > > > > Robert. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > Robert. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
