Date parsed: 6/28/2002 2:18:54 PM
Date: Fri, 28 Jun 2002 13:18:54 +0200
Hi Chris,
> What is the max # of devices SL4NT can handle syslogs for. I realize this
> depends on what you are doing w/ the incoming messages
> (log/alarrm/email/etc), and the hardware platform it is running on. A
rough
> estimate would be fine.
30 months ago I performed a benchmark, using SL4NT 2.0. Here' the result:
------------------
Syslog Server Hardware:
1 PIII-CPU (450 MHZ), 256 MB RAM, SCSI Adaptec/2940 (80 MB/Sec), HDD: 7200
U/min, NTFS-Volume, 100MBit NIC
Syslog Server OS:
W2K Advanced Server
Setup: Another computer was sending syslog messages to the test server using
a WSH script. Each syslog message sent contained a string of length 70
bytes. SL4NT: One rule without conditions and one log-to-file action.
The peak sending rate I could generate with the script on the sending
computer was around 6000 messages/sec.
SL4NT 2.0 was able to receive all of them but was queuing them up in RAM
because the CPU and I/O-System wasn't fast enough to write the data out to
the log file. Such peak sending rate is no problem if it persists only for
some seconds/minutes or, to say it in other words: till the available RAM is
used up and paging starts.
The highest sending rate which could be applied PERMANENTLY on my test
platform was around 3000 messages/sec. Every entry in the log file was
around 100 bytes. This would imply a daily log file volume of 24 GB (100
Bytes * 3000 messages/sec * 86400 secs/day).
Please note:
- SL4NT was the only active process on the system
- More CPUs and a faster I/O System (RAID) would of course provide for a
higher permanent sending rate
-------------------------
Franz
"Chris Schuler" <cschuler@columbus.rr.com> wrote in message
news:oVGrt4kHCHA.2384@is1.netal.com...
> I am looking for a syslog daemon such as SL4NT for an enterprise class
> network (~15,000 devices)
> Depending on how it would be deployed, could an implementation of SL4NT
> scale to this level?
>
> Assume a multiple server implementation (resonable amount of servers) setu
p
> in a tiered architecture (unless one server could handle it all :)
>
>
> What is the max # of devices SL4NT can handle syslogs for. I realize this
> depends on what you are doing w/ the incoming messages
> (log/alarrm/email/etc), and the hardware platform it is running on. A
rough
> estimate would be fine.
>
>
>
>
>