collecting system logs through Fluentd and pushing logs to Sensu port 3030 using Fluentd-Sensu plugin. Fluentd collecting 100 logs per second and pushing to Sensu port 3030.
When I checked log timestamp in Sensu-client.log, I have seen a lot of time delay from Fluentd.log.I have installed Wireshark and try to check the bottle neck. I found that when ever system log generated, Fluentd read that log and pushing to port 3030 and data sits on port long time. Due to this there is time delay from Fluentd to Sensu client. how can I improve the performance of port?
Fluentd Configuration:
@type tail
path /var/log/secure
pos_file /var/log/fluentd/secure.pos
tag secure_message
format syslog
<match secure_message.**>
type copy
@type stdout
@type sensu
server localhost
port 3030
check_handlers [“hostcollector”]
check_name fluentd_log
check_category SECURITY
check_type metric
check_status 0
check_ttl 100
maybe it’s just a use case I don’t know of but why do you point logs at sensu-client? I saw your stackoverflow post.
What do you expect to see in Sensu?
I don’t know Fluentd but seems to be a pretty standard log shipper. I guess fluent-plugin-sensu is supposed to react on log output and create the check payload. Are the JSON payloads correctly structured?
Routing 100 checks per second through sensu from logs doesn’t seem like a very good practice to me. We used to ship metrics through sensu and it really put a strain on the sensu server.
You might be better off setting up checks in your log store and send those results to sensu if that’s possible.
More information on what exactly you want to achieve would be good.
-AB
···
On Wednesday, 14 December 2016 04:08:38 UTC+1, Kishore wrote:
Hi,
collecting system logs through Fluentd and pushing logs to Sensu port 3030 using Fluentd-Sensu plugin. Fluentd collecting 100 logs per second and pushing to Sensu port 3030.
When I checked log timestamp in Sensu-client.log, I have seen a lot of time delay from Fluentd.log.I have installed Wireshark and try to check the bottle neck. I found that when ever system log generated, Fluentd read that log and pushing to port 3030 and data sits on port long time. Due to this there is time delay from Fluentd to Sensu client. how can I improve the performance of port?
Fluentd Configuration:
@type tail
path /var/log/secure
pos_file /var/log/fluentd/secure.pos
tag secure_message
format syslog
<match secure_message.**>
type copy
@type stdout
@type sensu
server localhost
port 3030
check_handlers [“hostcollector”]
check_name fluentd_log
check_category SECURITY
check_type metric
check_status 0
check_ttl 100