I tried to find any information to assist with understanding if some log export protocols taxing CPU (Management and DP) more then others. Perhaps ones DP pass log events to MP it is for Management to package and ship the logs, therefore, as long as some rules has logging enabled, the DP load will be the same regardless of the protocol used.
1. Is there any information to help with estimates on additional CPU load for Syslog log destinations? What about HTTP log destinations?
2. Can I save some CPU using TCP vs UDP syslog? Any other fiddling? Obviously logging on session end only will generate 2x less log amount.
The platforms in question are 8xx and 30xx.