Firewall Wizards mailing list archives
Re: Appropriate PIX logging level
From: ArkanoiD <ark () eltex net>
Date: Fri, 5 May 2006 17:07:16 +0400
nuqneH, Hmm, i stress-tested datagram unix socket several years ago and found that it definitely can lose messages. Can't remember exact BSD flavor, most likely it was Open or Free. And kernel logging is much less reliable even than that. I remember there was a set of patches that added reliable audit log to BSD kernel, but the license was somehow restrictive. On Fri, May 05, 2006 at 08:52:07AM -0400, Chuck Swiger wrote:
ArkanoiD wrote:On Thu, May 04, 2006 at 10:24:31AM -0400, Chuck Swiger wrote:ArkanoiD wrote:Well, does that mean that syslog should be either not reliable (generic datagram), not portable enough (sdsc), buggy (nsyslogd) or suffering performance problems (ng) ;-)?You can get reliable logging with a stock BSD-flavor syslogd if you talk to it via a named pipe (ie, /var/run/log or equivalent).No, BSD syslog is not reliable since it is datagram socket.UDP is not reliable, but what part of "named pipe" didn't you understand? Try feeding a million loglines through UDP over the network, and you'll lose a few, probably less than 1% unless your network isn't that reliable...but I haven't seen any lossage from logging locally via the named pipe at a volume of a million lines a day over a period of months.And there still is no reliable kernel logging at all.Most kernels implement a fixed-size circular message buffer, which is often fairly small. This is reliable within the limits that old messages will quickly get over-written and that a fatal problem leading to a kernel panic may not get logged because the system is in the process of termination. -- -Chuck
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Appropriate PIX logging level, (continued)
- Re: Appropriate PIX logging level David Lang (May 02)
- minirsyslogd (was Appropriate PIX logging level) Bennett Todd (May 04)
- Re: Appropriate PIX logging level ArkanoiD (May 04)
- Re: Appropriate PIX logging level Marcus J. Ranum (May 04)
- Re: Appropriate PIX logging level ArkanoiD (May 04)
- Re: Appropriate PIX logging level Marcus J. Ranum (May 04)
- Re: Appropriate PIX logging level Brian Loe (May 05)
- Re: Appropriate PIX logging level Chuck Swiger (May 05)
- Re: Appropriate PIX logging level ArkanoiD (May 05)
- Re: Appropriate PIX logging level Chuck Swiger (May 05)
- Re: Appropriate PIX logging level ArkanoiD (May 05)
- RE: Appropriate PIX logging level David Lang (May 04)
- Re: Appropriate PIX logging level Tichomir Kotek (May 05)