How to minimize saturating a LogLogic LMI appliance when turning on TIBCO LogLogic Lasso Enterprise for the first time
Article ID: KB0077452
Updated On:
| Products | Versions |
|---|---|
| TIBCO LogLogic Lasso Enterprise | all versions |
Description
In Lasso Enterprise you can select whether or not to send historical data. This option has a radio button next to the wording "Read only latest event log for new host".
- If this is set to YES, then log collection will begin with the current messages.
- If this is set to NO, all messages in the specified logs (security, application, system) will be sent.
This has the potential to exceed the appliance message rate capabilities and consume much of the CPU to process this data because Lasso Enterprise can send the data very fast without any throttling.
Issue/Introduction
When Lasso Enterprise is first configured to collect events the speed at which it can process the data can saturate the downstream LMI appliance if the Lasso host contains a large historical collection of events. This article explains how to best configure Lasso to avoid that situation.
Resolution
You can reduce the number of logs initially sent by changing this option. You can further reduce this by, for example, only sending security logs. You can also take advantage of Lasso Enterprise 2 event filtering to EXCLUDE certain event IDs that are not considered important to your implementation.
Feedback
Yes
No
Powered by
