What sort of log volume are you talking about here? (logs/sec type of
thing)
From 0 to thousand-thousands/sec
Logstash needs something like redis because it can't do any queueing
itself. Rsyslog is built around queues, and has the ability to create
multiple queues and pipelines internally, you don't need to run
multiple instances.
I want multiple instances in order to:
* Be able to process pipelines on different containers/hosts
* Isolate pipelines to prevent problems on one affecting others
* (others)
What you would do is create a ruleset for each application (pipeline)
and give that ruleset its own queue.
I know it can be done, but it's not what I'm looking for. Moreover, I would
love it to be a "dynamic" configuration.
As new logs arrive, you then sort them by application, and for each
application (or application category), you call the appropriate ruleset.
And, if there are a lot of evt/sec, you may have a bottleneck. I'll
probably have an rsyslog cluster based on docker swarm mode.
All processing from that point on will take place in different threads
working on different queues for each category.
Will I be able to "reload" rsyslog configuration to add/delete new
rulesets/pipelines?
Give it a try, I'll bet that you find the result much simpler and faster.
I'm expecting your reply ;)
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
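
The layout suggested in the thread (one ruleset per application, each with its own queue, fed by a dispatcher that sorts incoming logs) could look like the following. This is an added example, not configuration posted by either participant; the port, program names, file paths and queue sizes are assumptions.

```rsyslog
# Constructed example: port, program names, paths and queue sizes are assumptions.
global(workDirectory="/var/spool/rsyslog")
module(load="imtcp")

# Each application pipeline is a ruleset with its own queue and worker
# threads, so a slow or blocked output in one pipeline does not stall
# the others. queue.filename makes the queue disk-assisted: it spills
# to the work directory when the in-memory part fills up.
ruleset(name="pipeline_web"
        queue.type="LinkedList"
        queue.size="200000"
        queue.workerThreads="4"
        queue.filename="q_web"
        queue.maxDiskSpace="1g"
        queue.saveOnShutdown="on") {
    action(type="omfile" file="/var/log/pipelines/web.log")
}

ruleset(name="pipeline_auth"
        queue.type="LinkedList"
        queue.size="50000"
        queue.workerThreads="2") {
    action(type="omfile" file="/var/log/pipelines/auth.log")
}

# Catch-all so unclassified messages are kept rather than dropped.
ruleset(name="pipeline_default"
        queue.type="LinkedList"
        queue.size="50000") {
    action(type="omfile" file="/var/log/pipelines/other.log")
}

# Dispatcher: sort by application and hand off. Because each called
# ruleset has its own queue, the message is enqueued there and processed
# by that pipeline's worker threads; the dispatcher only does the sort.
ruleset(name="dispatch") {
    if $programname == "nginx" then {
        call pipeline_web
    } else if $programname == "sshd" then {
        call pipeline_auth
    } else {
        call pipeline_default
    }
}

input(type="imtcp" port="10514" ruleset="dispatch")
```

The file can be syntax-checked before deployment with `rsyslogd -N1 -f <file>`.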