The syslog-ng 3.0 Administrator GuideDocument version: Thirteenth
|
 |
The syslog-ng 3.0 Administrator GuideDocument version: Thirteenth
|
|
The syslog-ng agent application can send messages to the server when the Windows Scheduler provides resources to the syslog-ng agent. When there are many unsent log messages in the log sources, and there is no other significant activity on the host, syslog-ng will start to send the messages to the server, possibly increasing the CPU load to 100%. After all messages have been sent, or if another application requires the resources, the CPU load decreases back to normal.
![[Tip]](./tip.png) |
Tip |
|---|---|
To avoid the initial large load on the CPU, limit the rate of message sending temporarily. You can remove the limit after the old messages have been sent. See Section 5.2.2, “Limiting the rate of messages” for details. |
When relaying the messages from multiple sources, the syslog-ng agent sends one message at a time from each source. That way a single source with a large log traffic does not block other log sources.
© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com