In message <[email protected]>,
J Carvalho writes:
>I'd like to use sec to condense incoming syslog events. I had a system
>generate thousands of msgs per second and the result was a swamped
>syslog collector.
>Would it be possible to use SEC to:
>1. read the input stream
>2. pass msgs to the syslog file until it sees a msg storm
>3. condense the msgs based on time or msg count to prevent swamping
>syslog
>4. write a msg to the syslog file with a count of msgs processed
>during the 'storm'.
>5. continue processing input stream.
Maybe I am missing something here, but where is the input stream in 1
comming from? It sounds like some application is using the syslog api
to send data to syslog directly and flooding it. There is no easy way
to get SEC in between the application and syslog.
Also while SEC can be convinced to handle thousands of messages/sec
the cpu usage would almost certainly be more than what syslog uses to
dump the messages to disk.
--
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
