Hello friends, I have SEC monitoring over 50 log files with various correlations, and it is consuming 100% of single CPU (luckily on 10-CPU machine, so not whole system affected, as SEC is single-CPU application).
This could mean, that SEC does not prosecute processing of all rules, and I am curious, what are possible effects, if this means increasing delays (first in, processing, first out), or skipping some lines from input files, or anything other (?). And how to troubleshoot, finding bottlenecks. I can see quantities of log messages per contexts or log files in sec.dump, this is some indicator. Are there also other indicators? Is it possible, somehow, see also processing times of patterns (per rules)? Thank you in advance. Richard
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
