Hi all,
We're monitoring 4 Windows Server domain controllers and we're monitoring their event logs to receive blocked user events. This event types happens not very ofenly but we calculate that these servers are generating, aproximately, over 200 events per second.
The problem we are experiencing is that events arrive to Zabbix Server 2 hours and a half later. The general performance is OK.
This is the item configuration:
Type: Zabbix agent (active)
Key: eventlog[Security,username,,,4740,100,skip]
Type of Information: Log
Update Interval: 30
We actived the DebugLevel=4 to obtain all the precess and we think Zabbix Agent is reading events slower than servers are generating them.
We've recently upgraded Zabbix Server to version 3.2.6 and agents are still in 2.2.9, so as first step we are going to update the agents, but I don't think we obtain any improvement with this action.
Is there any limit in the number of events per second that Zabbix Agent can read?
What configuration of the item and Zabbix Agent do you suggest to get improvements getting values in time?
I was trying to raise the maxlines from 100 to 500 without any success. Should I increse or decrease update interval? Is skip option right? The Security log could be over 4GB.
Any help would be appreciated.
Best regards!
We're monitoring 4 Windows Server domain controllers and we're monitoring their event logs to receive blocked user events. This event types happens not very ofenly but we calculate that these servers are generating, aproximately, over 200 events per second.
The problem we are experiencing is that events arrive to Zabbix Server 2 hours and a half later. The general performance is OK.
This is the item configuration:
Type: Zabbix agent (active)
Key: eventlog[Security,username,,,4740,100,skip]
Type of Information: Log
Update Interval: 30
We actived the DebugLevel=4 to obtain all the precess and we think Zabbix Agent is reading events slower than servers are generating them.
We've recently upgraded Zabbix Server to version 3.2.6 and agents are still in 2.2.9, so as first step we are going to update the agents, but I don't think we obtain any improvement with this action.
Is there any limit in the number of events per second that Zabbix Agent can read?
What configuration of the item and Zabbix Agent do you suggest to get improvements getting values in time?
I was trying to raise the maxlines from 100 to 500 without any success. Should I increse or decrease update interval? Is skip option right? The Security log could be over 4GB.
Any help would be appreciated.
Best regards!
Comment