Hi Peter, we did not do the comparison I admit. But remember that the tool stems back to 1998 where performance was much more constraint compared to now. Of course, APIs changed, requiring more performance. But we always kept the tool in the spirit to use as few resources as possible. I wrote the initial IIS file monitor myself. It has a bit more overhead, because it handles all the "anomalies" of IIS log files (nul byte padding to name a specific one), but I would really be surprised if that uses notable resources.
Do you have any indication the rsyslog windows agent causes problems? Rainer El mié., 11 nov. 2020 a las 14:18, Peter Viskup (<[email protected]>) escribió: > > Hello Rainer, > just curious about the resources rsyslog windows agent requires. Maybe in > comparison to nxlog or others. > We are facing issues with getting the IIS logs from Windows hosts. They log > to plain text files as writing to Windows EventLog caused performance issues. > How much resources does the rsyslog windows agent consume? How does it > perform for this type of plain text file processing? Do you have some numbers > to count on? > > Did someone compare rsyslog windows to nxlog or other syslog forwarding tool? > > -- > Peter > > On Thu, Aug 27, 2020 at 2:18 PM Rainer Gerhards via rsyslog > <[email protected]> wrote: >> >> That's one of the reasons why I recommend rsyslog windows Agent: you >> have full control over the output format. Also, it's default format >> (Adiscon EventReporter) is known by many systems because it was the >> first tool ever to perform that type of work. >> >> Rainer >> >> El jue., 27 ago. 2020 a las 13:41, Mariusz Kruk via rsyslog >> (<[email protected]>) escribió: >> > >> > Strange thing, because in my "Sent" folder the message is full of >> > content whereas I see the posting on the list empty. >> > >> > Anyways, I'll repost the contents of the original message: >> > >> > "I've seen Kiwi and Solarwinds in use and the main problem is not in >> > generating log events as such or forwarding them later with rsyslog or >> > any other solution. The problem in the end is that when you receive the >> > events at the destination, you're probably want to parse it into some >> > kind of log management software. >> > >> > And here is where it gets tricky because your solution might not be very >> > happy with the format of the message. I suggest you take a look at both >> > of them if you're interested and see for yourself whether it's parseable >> > on your end. >> > If I remember correctly, kiwi sends some part of the data as xml and >> > some as key-value part of the syslog message but Solarwinds sends the >> > events rendered to a simple text message. (But I haven't seen the for >> > quite a while so this is just my vague recollection)." >> > >> > Mariusz Kruk >> > Ekspert ds. Bezpieczeństwa IT >> > COMP S.A. >> > Pion Cyberbezpieczeństwa i Zarządzania Ryzykiem >> > e-mail: [email protected] >> > e-mail: [email protected] >> > tel: +48 608 623 299 >> > >> > On 27.08.2020 09:03, mariusz.kruk--- via rsyslog wrote: >> > > _______________________________________________ >> > > rsyslog mailing list >> > > https://lists.adiscon.net/mailman/listinfo/rsyslog >> > > http://www.rsyslog.com/professional-services/ >> > > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> > > DON'T LIKE THAT. >> > _______________________________________________ >> > rsyslog mailing list >> > https://lists.adiscon.net/mailman/listinfo/rsyslog >> > http://www.rsyslog.com/professional-services/ >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> > DON'T LIKE THAT. >> _______________________________________________ >> rsyslog mailing list >> https://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of >> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T >> LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
