Syslog agent protocol affects drain URL performance

Article ID: 298291

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

When setting up aggregate drains in the shared-nothing architecture, consider the estimated envelope throughput when choosing the protocol for the drain URL.

For more information about aggregate drains and the shared-nothing architecture, refer to the following:

Currently, aggregate drains accept three protocols for the destination URL: https, syslog, and syslog-tls.

Environment

Product Version: 2.11

Resolution

It has been observed that drain URLs using the https protocol do not perform as well as drain URLs using the syslog or syslog-tls protocols.

While other factors can also cause syslog-agent egress loss, under equal environmental conditions the syslog and syslog-tls protocols outperform https.

It has been observed that https drain URLs may support up to 500-2000 envelopes/second without dropping any. This range may fluctuate depending on envelope size and network performance.

A CounterEvent metric can be referenced to see if syslog-agent egress drops are occurring for a specific drain URL. This metric is named messages_dropped_per_drain and is unique to each aggregate drain URL.

To identify the drain URL associated with each of these metrics, look for the drain_url tag. For example:
origin:"loggregator.syslog_agent" eventType:CounterEvent timestamp:1632237773724349325 deployment:"cf-ebca62a1f30e204c9868" job:"router" index:"61670a03-5884-4ea0-8715-ff30d31fc48b" ip:"YY.YY.YY.YYY" tags:<key:"direction" value:"egress" > tags:<key:"drain_scope" value:"aggregate" > tags:<key:"drain_url" value:"syslog://XX.XXX.XX.XXX:3000" > tags:<key:"instance_id" value:"61670a03-5884-4ea0-8715-ff30d31fc48b" > tags:<key:"metrics_version" value:"2.0" > tags:<key:"product" value:"VMware Tanzu Application Service" > tags:<key:"source_id" value:"syslog_agent" > tags:<key:"system_domain" value:"SYSTEM-DOMAIN.com" > counterEvent:<name:"messages_dropped_per_drain" delta:10000 total:20000 >

If you have an https aggregate drain URL and are experiencing egress loss on that drain in syslog-agent, the current recommendation is to migrate the syslog server and configuration to use the syslog or syslog-tls protocol.
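
The check described above (summing messages_dropped_per_drain by its drain_url tag and picking out https drains with loss) can be scripted as follows. This is an added example, not code from the article or the product; the sample envelopes are constructed, use documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample envelopes in the text format shown in the article
# (addresses are documentation-range placeholders, not real values).
SAMPLE = '''\
origin:"loggregator.syslog_agent" eventType:CounterEvent job:"router" tags:<key:"direction" value:"egress" > tags:<key:"drain_scope" value:"aggregate" > tags:<key:"drain_url" value:"https://192.0.2.10:8443/ingest" > counterEvent:<name:"messages_dropped_per_drain" delta:10000 total:20000 >
origin:"loggregator.syslog_agent" eventType:CounterEvent job:"diego_cell" tags:<key:"direction" value:"egress" > tags:<key:"drain_scope" value:"aggregate" > tags:<key:"drain_url" value:"https://192.0.2.10:8443/ingest" > counterEvent:<name:"messages_dropped_per_drain" delta:2500 total:2500 >
origin:"loggregator.syslog_agent" eventType:CounterEvent job:"router" tags:<key:"direction" value:"egress" > tags:<key:"drain_scope" value:"aggregate" > tags:<key:"drain_url" value:"syslog-tls://192.0.2.20:6514" > counterEvent:<name:"messages_dropped_per_drain" delta:0 total:0 >
origin:"loggregator.syslog_agent" eventType:CounterEvent job:"router" tags:<key:"direction" value:"ingress" > counterEvent:<name:"ingress" delta:900 total:90000 >
'''

TAG_RE = re.compile(r'tags:<key:"([^"]*)" value:"([^"]*)" >')
COUNTER_RE = re.compile(r'counterEvent:<name:"([^"]*)" delta:(\d+) total:(\d+) >')


def dropped_per_drain(text):
    """Sum messages_dropped_per_drain deltas across all jobs, keyed by drain_url."""
    drops = defaultdict(int)
    for line in text.splitlines():
        counter = COUNTER_RE.search(line)
        if not counter or counter.group(1) != "messages_dropped_per_drain":
            continue  # some other metric, or not a counter envelope
        tags = dict(TAG_RE.findall(line))
        url = tags.get("drain_url")
        if url is None:
            continue  # without the drain_url tag the loss cannot be attributed
        drops[url] += int(counter.group(2))
    return dict(drops)


def https_drains_with_loss(drops):
    """Drain URLs that are dropping envelopes and use the https protocol."""
    return sorted(u for u, n in drops.items()
                  if n > 0 and urlsplit(u).scheme == "https")


if __name__ == "__main__":
    totals = dropped_per_drain(SAMPLE)
    for url, n in sorted(totals.items()):
        print(f"{n:>8} dropped  {url}")
    for url in https_drains_with_loss(totals):
        print(f"https drain with egress loss: {url}")
```

The deltas are summed because every VM running syslog-agent reports its own counter for the same aggregate drain URL.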