Events sent to SIEM or external Syslog Server have a large delay or are otherwise very slow.

• App Control Server: All Supported Versions
• Syslog Enabled (System Configuration > Events > External Event Logging >Syslog Enabled)

Syslog export is unable to keep up with the current volume of Events coming from Agents among all other Server tasks.

1. Verify the application server is meeting the Operating Environment Requirements for
   • Architecture by Endpoint Count
   • Choosing Proper Hardware for App Control Server
   • Choosing Proper Hardware for the SQL Server
   • Common Performance Pitfalls
   • Validating Storage Performance
2. Follow the steps, Reducing Events Generated in this article to help prevent sending Events by Agents that might not be necessary for the environment.
3. Consider using the External Analytics feature instead, which may be able to export more Events.

• There is a potential theoretical maximum of 20M Events/day being sent from the App Control Server to a Syslog Server.
• In some instances, active environments or very busy App Control Servers may encounter this limit much sooner.