Just a few notes on this,
$! in a template will include all variables under $!, so you don't have to go
through listing them all one at a time. This also lets you add additional
metadata (when did the relay receive the message, what IP was it from, which
relay processed the message, etc) by just doing
set $!trusted!relay = $$myhostname;
or things like this. I like to put all the metadata added by rsyslog under
$!trusted so that it isn't going to conflict with other data.
When you are load balancing, you probably want to configure the rebindinterval,
this tells rsyslog to disconnect and reconnect every X messages. Load balancers
can't move long-running connections from one destination to another, they can
only move new connections. If everything is stable and running for a long time,
and you add a destination serve to the pool, nothing will start sending to it
until things disconnect. Rebind interval makes this happen as frequently as you
need it to. I like to have it rebind every second or so under high load (with
the thinking that systems should be able to handle a seconds worth of being
overloaded and recover in a reasonable timeframe)
David Lang
On Fri, 8 Apr 2016, Matt Ford wrote:
Thanks for the help guys - I got my prototype working. I wrote up
some stuff about the final design here
https://www.bashton.com/blog/2016/elk-on-ark/
On 7 April 2016 at 19:27, David Lang <[email protected]> wrote:
On Thu, 7 Apr 2016, Matt Ford wrote:
One thing that makes me nervous is the overhead of doing the
transformation via normalize on rsyslog. Some the applications
generate a lot of logs per second.
mmnormalize is very fast, and it's getting faster as it transitions from
json-c to libfastjson and optimizations hit the library.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
