zwass
05/11/2022, 11:09 PM
alessandrogario
05/11/2022, 11:38 PM
zwass
05/11/2022, 11:39 PM
alessandrogario
05/11/2022, 11:40 PM
defensivedepth
05/12/2022, 11:55 AM
Juan Alvarez
05/12/2022, 4:04 PM
windows_events to forward to our SIEM and every time we hit issues with the watchdog limits as well as the rocksdb limitation mentioned in the thread above. I think those are fairly common scenarios in bigger companies where EPS in the same box goes up to at least 500 EPS. I am not sure I can say where the memory consumption comes from at a lower level, but we use to send the data using the tls logger and I think that the performance seems better when using filesystem (which we can combine with some other sw for remote send like fluentbit).
Now I have been testing with a logger developed by us with ingestion levels near 1000 EPS approx. that seems stable, but it just works in memory for now (no rocksdb).
Just sharing this info in case it helps.
seph
05/13/2022, 7:13 PM
alessandrogario
05/13/2022, 7:13 PM
zwass
05/13/2022, 7:14 PM
alessandrogario
05/13/2022, 7:15 PM
seph
05/13/2022, 7:18 PM
alessandrogario
05/13/2022, 7:18 PM
zwass
05/13/2022, 7:50 PM
alessandrogario
05/13/2022, 7:55 PM
seph
05/13/2022, 7:59 PM
zwass
05/13/2022, 8:35 PM
create table they go away on restart.
seph
05/13/2022, 8:36 PM
zwass
05/13/2022, 8:39 PM
seph
05/13/2022, 8:39 PM
zwass
05/13/2022, 8:41 PM
seph
05/13/2022, 8:41 PM
zwass
05/13/2022, 8:41 PM
seph
05/13/2022, 8:42 PM
file table, or the plist one cannot be real tables. Those are close to functions masquerading as tables.
zwass
05/13/2022, 10:07 PM
seph
05/13/2022, 10:14 PM
alessandrogario
05/13/2022, 11:49 PM
seph
05/14/2022, 12:02 AM
alessandrogario
05/14/2022, 12:05 AM