Hi All,
I am using a centralised rsyslog server of version 8.24.0-34.el7 configured on a RHEL 7.7 OS, presently I had around 1600-1800 clients to which my rsyslog server was listening to , now I plan to scale the number of clients by an addition 6000 nodes , I want to know whether my rsyslog server will be able to support the new number of scaled up nodes or not, like how many connections can a rsyslog server support , also one client established 4 connections with my server ? Here is an extract from my server’s configuration file: *#### MODULES ####* *# The imjournal module bellow is now used as a message source instead of imuxsock.* *$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)* *$ModLoad imjournal # provides access to the systemd journal* *#$ModLoad imklog # reads kernel messages (the same are read from journald)* *#$ModLoad immark # provides --MARK-- message capability* *# Provides UDP syslog reception* *$ModLoad imudp* *$UDPServerRun 514* *# Provides TCP syslog reception* *$ModLoad imtcp* *$InputTCPMaxSessions 2048* *$InputTCPServerRun 11514* *#### GLOBAL DIRECTIVES ####* *# Where to place auxiliary files* *$WorkDirectory /var/lib/rsyslog* *# Use default timestamp format* *$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat* *# File syncing capability is disabled by default. This feature is usually not required,* *# not useful and an extreme performance hit* *#$ActionFileEnableSync on* *# Include all config files in /etc/rsyslog.d/* *$IncludeConfig /etc/rsyslog.d/*.conf* *# Turn off message reception via local log socket;* *# local messages are retrieved through imjournal now.* *$OmitLocalLogging on* *# File to store the position in the journal* *$IMJournalStateFile imjournal.state* *#### RULES ####* **.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none @@dummy_siem:514* *authpriv.* @@dummy_siem:514* *auth.* @@dummy_siem:514* *kern.* @@dummy_siem:514* *mail.* @@dummy_siem:514* *cron.* @@dummy_siem:514* *local7.* @@dummy_siem:514* *:fromhost-ip, !isequal, "127.0.0.1" ~* *# Log all kernel messages to the console.* *# Logging much else clutters up the screen.* *#kern.* /dev/console* *# Log anything (except mail) of level info or higher.* *# Don't log private authentication messages!* **.info;mail.none;authpriv.none;cron.none /var/log/messages* *# The authpriv file has restricted access.* *authpriv.* /var/log/secure* *# Log all the mail messages in one place.* *mail.* -/var/log/maillog* *# Log cron stuff* *cron.* /var/log/cron* *# Everybody gets emergency messages* **.emerg :omusrmsg:** *# Save news errors of level crit and higher in a special file.* *uucp,news.crit /var/log/spooler* *# Save boot messages also to boot.log* *local7.* /var/log/boot.log* *auth.* /var/log/audit/audit.log* *# ### begin forwarding rule ###* *# The statement between the begin ... end define a SINGLE forwarding* *# rule. They belong together, do NOT split them. If you create multiple* *# forwarding rules, duplicate the whole block!* *# Remote Logging (we use TCP for reliable delivery)* *#* *# An on-disk queue is created for this action. If the remote host is* *# down, messages are spooled to disk and sent when it is up again.* *$ActionQueueFileName fwdRule1 # unique name prefix for spool files* *$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)* *$ActionQueueSaveOnShutdown on # save messages to disk on shutdown* *$ActionQueueType LinkedList # run asynchronously* *$ActionResumeRetryCount -1 # infinite retries if host is down* *# remote host is: name/ip:port, e.g. 192.168.0.1:514 <http://192.168.0.1:514>, port optional* *#*.* @@remote-host:514* *# ### end of the forwarding rule ###* *$FileCreateMode 0640* *$InputTCPServerRun 514* Regards, Pratik Rana _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
