Working in an almost Windows-only company - and need to set up a syslog server receiving messages from our proxy, firewall and VPN appliances. For now we have decided to use Kiwi Syslog server, but quickly realized that with the default setting of the proxy and the firewall we are way above the max number of messages for Kiwi per hour - which is 2 million messages. So instead of only one server, we need to configure at least one server per appliance.

Trying to figure out what throughput we could expect if we were running Linux. If I'm not totally mistaken the Syslog-ng premium delivers way over that - it measures messages per second, not per hour - but that is anyhow a licensed version. I have not been able to find any numbers for any open source versions.

rhellem
  • You could test it yourself. – Michael Hampton Jul 09 '20 at 17:56
  • 550 messages per second is lame. It would seem Kiwi is not a performant syslog server. – Greg Askew Jul 09 '20 at 18:18
  • What volume do you require, in messages per second? 500 per second is way different scale than 50,000 per second. Some logging systems are capable of enormous volume, depending on design and tuning. Some even can scale out to clusters of multiple message processing nodes. – John Mahowald Jul 10 '20 at 03:19
  • @MichaelHampton - I could test, but still it would be "my" numbers, as I have done with Kiwi and realized that when sending all events from currently the proxy and firewall it will be way more than 2 million per hour. But, ref. Greg Askew's comment, that number is not best in class. Which might point to setting up one single Linux server being a better option than N Windows servers. But, would really like to know expected throughput for syslog-ng open source vs premium. – rhellem Jul 10 '20 at 13:15

0 Answers