Hi, To answer your question about rsyslog in place of Logstash. Short answer: yes. See http://blog.sematext.com/2015/05/18/tuning-elasticsearch-indexing-pipeline-for-logs/ for some info about rsyslog and Logstash comparison when it comes to performance and footprint.
This may also be of interest to you: http://blog.sematext.com/2015/04/13/monitoring-rsyslogs-performance-with-impstats-and-elasticsearch/ Otis -- Monitoring * Alerting * Anomaly Detection * Centralized Log Management Solr & Elasticsearch Support * http://sematext.com/ On Tue, Jun 2, 2015 at 8:33 AM, Muhammad Asif <[email protected]> wrote: > Is there any default queue mechanism in rsyslog. I did not configure any > main and action queue but when i checked imstat statistics. It shows the > following output. > > Tue Jun 2 17:30:17 2015: main Q: size=0 enqueued=60933 full=0 > discarded.full=0 discarded.nf=0 maxqsize=409 > Tue Jun 2 17:31:17 2015: imuxsock: submitted=4 ratelimit.discarded=0 > ratelimit.numratelimiters=3 > Tue Jun 2 17:31:17 2015: action 1: processed=60933 failed=0 > Tue Jun 2 17:31:17 2015: action 2: processed=0 failed=0 > Tue Jun 2 17:31:17 2015: action 3: processed=20 failed=0 > Tue Jun 2 17:31:17 2015: action 4: processed=60913 failed=0 > Tue Jun 2 17:31:17 2015: action 5: processed=0 failed=0 > Tue Jun 2 17:31:17 2015: action 6: processed=0 failed=0 > Tue Jun 2 17:31:17 2015: action 7: processed=0 failed=0 > Tue Jun 2 17:31:17 2015: action 8: processed=0 failed=0 > Tue Jun 2 17:31:17 2015: action 9: processed=0 failed=0 > Tue Jun 2 17:31:17 2015: action 10: processed=0 failed=0 > Tue Jun 2 17:31:17 2015: action 11: processed=0 failed=0 > *Tue Jun 2 17:31:17 2015: action 12: processed=60932 failed=60932* > Tue Jun 2 17:31:17 2015: action 13: processed=60933 failed=0 > Tue Jun 2 17:31:17 2015: imudp(*:514): submitted=0 > Tue Jun 2 17:31:17 2015: imudp(*:514): submitted=0 > Tue Jun 2 17:31:17 2015: imtcp(514): submitted=0 > Tue Jun 2 17:31:17 2015: main Q: size=0 enqueued=60933 full=0 > discarded.full=0 discarded.nf=0 maxqsize=409 > > Why it is showing as many failed messages as many processed. > Can we use rsyslog in place of logstash. > > Thanks > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
