Hi,
We recently enabled syslog for dns devices, including query events. I checked this morning, and the events are about 4 hours behind. Looking for advice on how to fine tune this...
This particular logfile is huge: 254130888464 Nov 25 08:29 system-ftcnsrtp1.log - and growing rapidly.
We have lots of files on this server, but none remotely close to the size of this one. When I run the "inputstatus" command, that feed is in batch mode. I don't see any messages about thruput warnings from this heavy forwarder.
/apps/logs/2016/11/25/system-ftcnsrtp1.log
file position = 133013964565
file size = 9895002842
parent = /apps/logs/2*/*/*/system-ftc*.log
percent = 1344.25
type = reading (batch)
Thoughts?
↧