Hi Matthew, I have used Graylog in my job about a month and everything was going fine with the following setup:
Graylog-server and Graylog-web Graylog in a single VM (ESXi 5.5, Dell R910) with 2 cores 4GB RAM 20GB HDD Graylog-server JVM 2GB Graylog-web JVM default Elasticsearch JVM 256MB Elasticsearch cluster with 3 nodes on 3 Dell T320 4 cores 8GB RAM HDD 1TB SATA Elasticsearch JVM 6GB **All servers are running CentOS 7.1 and OpenJDK 8. All packages were installed with repositories. I have a lot of inputs, extractors and dashboards. I'm collecting logs of some servers and some network assets. The device who generates more log is our Cisco ASA 5520. I configured the ASA to send logs from level 5 (notification) because level 6 (informational) generates a lot of unnecessary information. Yesterday my boss asked to measure ASA traffic in Graylog and I started to collect four new event level 6 (built and teardown, tcp / udp). We jump from 2.5k messages per minute to about 20k. The load average of VM jumped above 9.0, hours later. At a given time, I had 32k unprocessed messages in journal queue, At night, I turned off the VM, increase its setting to 4 core and start it again. Now, everything is run like a charm with a load average between 3 and 4. Cheers, Emerson On Monday, November 23, 2015 at 7:55:48 AM UTC-2, Matthew Simon wrote: > > Hi Guys > > > I have a problem! > > > I receive large amounts of logs to my Graylog2 server and i feel that the > server cant keep up with the incoming logs, Is there a way that I can > optimize my configuration to handle large amounts of LOGS. > > > Please see the image bellow. > > > Thanks in advance. > > > > > <https://lh3.googleusercontent.com/-n91LHSZ_HtQ/VlLhwvs-sKI/AAAAAAAAAqU/dXnmzSAQFCg/s1600/image1.png> > > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/7e3954fd-2eec-463d-b0a4-df5378ab4e86%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
