We are currently using Nxlog enterprise 4.0.3735 to send events logs(windows events - > json out) from windows server to central log server.
1) I want to estimate system requirements(cpu,memory,disk) needed by nxlog agent to handle 4000 to 5000 events per seconds. I m also concerned about what happens when the agent gets high (unexpected) number of events more than expected during peak load times
2) Are logs buffered some where on disk and sent later or something similar when link between the nxlog agent and central logserver is broken for some reason ?

AskedAugust 20, 2018 - 4:36pm

Comments (1)

  • Zhengshi's picture

    EPS (Events per second) can be complicated to calculate for because of all of the variables involved.
    Agent vs agentless, what modules used, what kind of data, network, etc. Will the central server or each windows machine need to handle 4-5k eps?
    The best way to get a good number is to just test it in your environment. 4-5k is easily handled by NXLog with a low-moderate setup.

    Buffering is in memory by default, but this can be adjusted and modified as needed. FlowControl will pause input modules when output modules can not write or send events. This is useful for cases where the output is blocked or during peak times to help handle the load.

Answer (1)