Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: syslog and network management

From: "Brian Loe" <knobdy () gmail com>
Date: Fri, 22 Feb 2008 11:47:12 -0600
On Thu, Feb 21, 2008 at 7:19 PM,  <david () lang hm> wrote:


 if you end up doing much searching through your logs you can end up eating
 a LOT more CPU then you imagine, especially as you correlate things and
 end up searching for more related items at a time.


I've found that if you utilize, for instance, syslog-ng, you can split
up the log files based on whatever (device type, network, etc.).
Searching those smaller files is a lot less CPU intensive.

Further, if you're using an application such as sec.pl (I think its
called) then you can have everything that comes in copied to a pipe
that sec reads. This can get hair though, YMMV. I've done it on a very
busy syslog server running AIX with no problems.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: