« Project Lasso 4 Released | Main | Anton Logging Tip of the Day #12: Proxy Log Fun - Proxy Log Analysis for Possible Information Leakage Detection »
Sustained Performance
A note from the field... The word “sustained” makes all the difference when talking about log management. I hear people, especially log management vendors, talking about messages per second peak numbers, but often when the pedal reaches the floor, those peek numbers are completely unachievable.
A couple weeks ago I was on-site at a customer of ours in the Caribbean. They are a local ISP using our appliance to monitor their Netscreen Firewalls. Now, the LX1000 has a sustained rate of 1500 event messages per second. This you’ll find on our marketing material, you’ll find it on our website, you’ll find it all over the web. The LX1000 handles 1500 messages per second. Sustained. This customer firewall was sitting at a steady 1400 messages per second at two in the afternoon.
The customer was concerned at first. This company is an ISP, and they didn’t know what sort of messages per second they would see during peak times of 4:30 to 9:30pm. We let the machine run over-night collecting data for the following days configuration of alerts and reports.
Day two, I sat down and took a look at the previous nights performance. The LogLogic appliance during the middle of the night had dropped to receiving a paltry 400 messages per second, however, we saw the average raise up to roughly 2300 messages per second, peaking at nearly 3200 messages per second.. and it did so without a single dropped message. That's 3200+ MPS flood of data without a single dropped message.
The word “sustained” is key when looking at a log management solution. If you are going to compare apples to apples, you really have to compare the apples to apples. Some log management solutions will show you an orange, and claim it to be an apple. When the rubber hits the road, make sure your log management solution can handle the rates they claim. - Dimitri
Posted August 07, 2007 in | Permalink
TrackBack
TrackBack URL for this entry:
http://www.loglogic.com/mt/mt-tb.cgi/233
June 2008
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 |
Categories
Archives
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005