Performance of community vs enterprise edition for WEC/WEF
Is the scalability / performance of community vs enterprise edition any different?
We tried the community edition for WEC/WEF and it appears to be dropping logs at 2000 eps.
We're wondering if there is any configuration we should be aware of.
Moreover, please provide sizing recommendations:
> What eps can a single nxlog agent support for WEC/WEF collection?
> How many VMs of what size (CPU cores and GB memory) should we plan for to support 50,000 eps?
I suspect log dropping is a result of UDP rather than being related to the Windows Eventlog.
The NXLog Enterprise Edition supports WEC/WEF through the im_wseventing module. Performance is heavily dependent on the environment, and to process 50k you'll probably need more than one instance. This would also be recommended for HA. A single instance shouldn't require more than 500Mb.
I suggest testing it out yourself.