EventLog Analyzer's performance depends on the machine in which it is deployed. Following are some configuration procedures that help you to tune EventLog Analyzer's performance to the maximum.
EventLog Analyzer version 10 and above support log flow rate of 20,000 logs/second in 64 bit editions and 10,000 logs/sec in 32 bit editions.
For 64 bit| Maximum Flow Rate in Logs/Sec | Memory required in MB |
|---|---|
| 5000 | 1024m |
| 10,000 | 2048m |
| 20,000 | 4096m |
For 32 bit
| Maximum Flow Rate in Logs/Sec | Memory required in MB |
|---|---|
| 5000 | 1024m |
| 10,000 | 1536m |
To set to the flow rate that meets your requirement, follow the below configuration steps.
For windows service:For example, if you're going to have a flow rate of 20,000 logs/sec, you'll have to change it to wrapper.java.maxmemory=4096
For linux :To get the optimal performance, you need to change the MySQL parameters depending on the RAM size of EventLog Analyzer server.
| RAM Size | MySQL Parameter Changes |
|---|---|
| 1 GB | Default configuration as given in the startDB.bat/sh file |
| 2 GB | " --innodb_buffer_pool_size=1200M " |
| 3 GB | " --innodb_buffer_pool_size=1500M " |
| 4 GB | " --innodb_buffer_pool_size=1500M " |
| 8 GB (64 Bit) | " --innodb_buffer_pool_size=3000M " |
| 16 GB (64 Bit) | " --innodb_buffer_pool_size=3000M " |
The hard disk space requirement is closely tied to the log volumes generated at your environment. For a high log record rate you need to have a greater disk space to store and process the logs. The log generation rate in turn depends on the number of log sources you add for monitoring. Below is the estimate of hard disk space requirement specific for each log volume rate. The data is computed by accounting 100 hosts with average log size of 500 bytes.
|
Log Records Rate or Volume
|
RAM Size
|
Hard Disk Space Requirement
Per Month to Run EventLog Analyzer
|
|||
|---|---|---|---|---|---|
|
100/sec or 4 GB/day
|
2 GB
|
85 GB
|
|||
|
500/sec or 20 GB/day
|
4 GB
|
400 GB
|
|||
|
1000/sec or 40 GB/day
|
8 GB
|
800 GB
|
|||
Calculating the required hard disk space for your environment
EventLog Analyzer automatically scales up to meet the growing number of log sources configured for log collection. By default, the 'Archive' and 'Indexes' folder located at the product installation path to increase in size. We recommend you to calculate the required hardware space based on the number of log sources being monitored and the average size of each log type keeping the time period as constant.
Average Log Size Details
The total disk space can be given by,
Calculating the Archive content:
Since we are zipping the 'Archive' and 'Indexes' folders, the folder size will reduce by 90%, implying the zipping ratio as 10:1
Therefore, the total Disc space would be
ie., Default Archive zip interval is 4 days and index zip interval is 7 days
Storage Settings
By default, the database/indexes storage is set to'32 days' and archive log storage is set to be 'forever'. to change the database/indexes storage period, navigate to the Settings tab and click on Archive Settings.
Noise Reduction
EventLog Analyzer facilitates the filter option that will retain and prioritize only those logs in the database that is of corporate interest for a quick view. Rest of the logs are collected in the archive folder and are made available for viewing at any given point of time. Additionally, the filtering functionality also ensures the optimum use of hard disk space. Read more on Database filtering here. Sometimes, you may not want to apply to database filtering. Regardless of the log type, or severity, you may need to retain all the logs in the database as well as on the archive folder. You can do this by,
General Instruction to Control the Disk Space Growth
In case of any disk space constraints, you can shift the Archive/Indexes folder to a different drive or network mapped drive. Click on Settings > Archive Settings and provide your choice of location for archiving and swapping the logs.
With this option, you can transfer the contents of the dormant archive to a tape drive or to high capacity storage for longer retention.
If the product is running in a debug mode, consult our support team to change it to default log level as soon as your requirement is resolved. Debug level will increase the 'log' folder size causing you disk space issues.
Feel free to contact support for any other technical queries.
