EventLog Analyzer - Performance Optimization Guide
The performance of EventLog Analyzer depends on the machine on which it is deployed. To maximize performance on any machine, follow the configuration procedures detailed in this guide.
Calculate network traffic volume
It is important to understand the volume of traffic generated by your network, as you can configure various parameters on the EventLog Analyzer server to suit the amount of network data it handles. A single standalone server can handle up to 20000 EPS (events per second) for syslogs and 2000 EPS for event logs on a 64-bit machine. On a 32-bit machine, the values are 10000 EPS for syslogs and 1000 EPS for event logs. You can calculate the log flow rates for your network environment using the method described below. Below are the values for the average log size for various types of logs:
- Windows - 2000 bytes
- Linux/syslog - 100 bytes
- AS400 - 1000 bytes
For each log type, consider the average EPS from the devices generating that type of log. The amount of log data generated per second from these devices is thus given by:
Log flow rate (in bytes/second) = Average log size * EPS
By calculating the log flow rate for each log type and adding them, you can arrive at the network flow rate (in bytes/second), that is, the total amount of log data generated by your network per second.
Java parameters configuration
The memory required in Java, based on the network flow rate, is given below.
| Network flow rate (bytes/sec) | Memory required (MB), 64-bit machine | Memory required (MB), 32-bit machine |
|---|---|---|
| 500,000 | 1024 | 1024 |
| 1,000,000 | 2048 | 1536 |
| 2,000,000 | 4096 | - |
To set the memory based on your network's requirement, follow the steps below that match how EventLog Analyzer is installed on your system.
EventLog Analyzer installed as a service
- Stop the EventLog Analyzer service.
- Navigate to <EventLog Analyzer home>/server/conf.
- Open the file wrapper.conf.
- Search for wrapper.java.maxmemory.
- The default value for this parameter is 1024. Change it to match your network flow rate. For example, if your network flow rate is 2,000,000 bytes/second, change the value to wrapper.java.maxmemory=4096.
- Save the file and restart the EventLog Analyzer service.
EventLog Analyzer installed as an application
- Shut down EventLog Analyzer.
- Navigate to <EventLog Analyzer home>/bin.
- Open the file setCommonEnv.bat (or setCommonEnv.sh on a Linux machine).
- Search for -Xmx. It is in a line beginning with JAVA_OPTS.
- The default value for this parameter is 1024. Change it to match your network flow rate. For example, if your network flow rate is 2,000,000 bytes/second, change the value to -Xmx4096m.
- Save the file and restart EventLog Analyzer.
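
The sizing steps above can be scripted end to end. The following is an added example, not part of the original guide or the product: it computes the network flow rate, picks the memory value from the table, and rewrites the setting in the text of either file. The function names are hypothetical, the sample file lines are constructed, and rounding a flow rate up to the next table row is an assumption.

```python
import re

# Average log sizes in bytes, as listed in the guide.
AVG_LOG_SIZE = {"windows": 2000, "syslog": 100, "as400": 1000}
# (flow rate ceiling in bytes/sec, MB on 64-bit, MB on 32-bit) from the guide's table.
MEMORY_TIERS = [
    (500_000, 1024, 1024),
    (1_000_000, 2048, 1536),
    (2_000_000, 4096, None),  # the table gives no 32-bit value here
]

def network_flow_rate(eps_by_type):
    """Sum average log size * EPS over every log type."""
    return sum(AVG_LOG_SIZE[kind] * eps for kind, eps in eps_by_type.items())

def required_memory_mb(flow_rate, bits=64):
    """First tier covering flow_rate; rounding up between rows is an assumption."""
    for ceiling, mb64, mb32 in MEMORY_TIERS:
        if flow_rate <= ceiling:
            mb = mb64 if bits == 64 else mb32
            if mb is None:
                raise ValueError(f"no {bits}-bit value listed for {flow_rate} bytes/sec")
            return mb
    raise ValueError(f"{flow_rate} bytes/sec is above the largest row in the table")

def _replace_once(pattern, text, mb, suffix=""):
    """Rewrite exactly one memory value; refuse if the setting is missing or repeated."""
    new_text, count = re.subn(pattern, rf"\g<1>{mb}{suffix}", text)
    if count != 1:
        raise ValueError(f"expected exactly one match, found {count}")
    return new_text

def set_wrapper_maxmemory(conf_text, mb):
    """Service install: update wrapper.java.maxmemory in wrapper.conf text."""
    return _replace_once(r"(?m)^(\s*wrapper\.java\.maxmemory\s*=\s*)\d+", conf_text, mb)

def set_xmx(env_text, mb):
    """Application install: update -Xmx on the JAVA_OPTS line of setCommonEnv text."""
    return _replace_once(r"(?m)^(.*JAVA_OPTS.*-Xmx)\d+[mM]", env_text, mb, "m")

if __name__ == "__main__":
    # Constructed inputs: EPS per log type and one-line excerpts of each file.
    rate = network_flow_rate({"windows": 400, "syslog": 5000, "as400": 100})
    mb = required_memory_mb(rate)  # 1,400,000 bytes/sec falls in the 2,000,000 row
    print(rate, mb)
    print(set_wrapper_maxmemory("wrapper.java.maxmemory=1024\n", mb), end="")
    print(set_xmx('JAVA_OPTS="-Xms256m -Xmx1024m"\n', mb), end="")
```

Stop the service or application before writing the changed text back, and keep a copy of the original file so the previous value can be restored.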