This section provides tips on optimizing the performance of syslog-ng. Optimizing performance is important for syslog-ng hosts that handle a large volume of traffic.
Disable DNS resolution, or resolve hostnames locally. See Section 7.4, “Using name resolution in syslog-ng” for details.
Enable flow-control for the TCP sources. See Section 2.13, “Managing incoming and outgoing messages with flow-control” for details.
Do not use the usertty() destination driver. Under heavy load, users are not able to read the messages from the console, and it slows down syslog-ng.
Do not use regular expressions in your filters. Evaluating general regular expressions puts a high load on the CPU. Use simple filter functions and logical operators instead. See Section 3.6.1, “Optimizing regular expressions in filters” for details.
When receiving lots of messages using the UDP protocol, increase the size of the UDP receive buffer on the syslog-ng hosts. For information about sizing and modifying the UDP buffer, see http://www.29west.com/docs/THPM/udp-buffer-sizing.html.
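The following configuration sketch applies the tips above in one place. It is an added example, not taken from the original guide; the source and destination names, ports, file path and buffer sizes are assumptions chosen for illustration and must be sized for the actual load.

```conf
@version: 3.0

options {
    # Tip: disable DNS resolution for incoming messages.
    use_dns(no);
    # Alternative: resolve only from a local hosts file.
    # use_dns(persist_only);
    # dns_cache_hosts("/etc/hosts");
};

# TCP source that takes part in flow-control. Each connection gets
# log_iw_size / max_connections messages of input window
# (10000 / 100 = 100 here; sizes are assumed values).
source s_tcp {
    tcp(ip(0.0.0.0) port(514)
        max_connections(100)
        log_iw_size(10000));
};

# UDP source with a larger receive buffer (1 MiB, assumed value).
# On Linux the kernel caps this at net.core.rmem_max, so that
# sysctl has to be raised to at least the same value.
source s_udp {
    udp(ip(0.0.0.0) port(514) so_rcvbuf(1048576));
};

# Tip: select messages with simple filter functions and logical
# operators instead of a match() regular expression.
filter f_auth_err {
    facility(auth, authpriv) and level(err..emerg);
};

# The output queue should be able to hold the input window of the
# flow-controlled source feeding it.
destination d_auth {
    file("/var/log/remote/auth.log" log_fifo_size(20000));
};

# Flow-control is enabled per log path and only affects s_tcp.
log {
    source(s_tcp); filter(f_auth_err); destination(d_auth);
    flags(flow-control);
};

# UDP cannot be flow-controlled; its path relies on the buffer above.
log { source(s_udp); filter(f_auth_err); destination(d_auth); };
```

No usertty() destination is defined, in line with the tip above. Flow-control cannot slow down UDP senders, which is why the UDP path depends on the receive buffer size instead.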
© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com