Firewall Wizards mailing list archives
Re: Appropriate PIX logging level
From: Chuck Swiger <chuck () codefab com>
Date: Thu, 04 May 2006 10:24:31 -0400
ArkanoiD wrote:
Well, does that mean that syslog should be either not reliable (generic datagram), not portable enough (sdsc), buggy (nsyslogd) or sufferingperformance problems (ng) ;-)?
You can get reliable logging with a stock BSD-flavor syslogd if you talk to it via a named pipe (ie, /var/run/log or equivalent).
In many cases, you want to compress & summarize repeated output, or perform your initial analysis-identification-filtration steps first and forward on a summary and the interesting stuff on the devices generated the logging before you smother some dedicated central "logger" host in a huge volume of low-value syslog network traffic.
If you've got less than 10MB of data per day (~ 100K events or logfile lines), you probably don't need to worry about that or keeping several years worth of data around.
On the other hand, when a single busy host can generate 100MB to 1GB of loggable data per day just running a medium-busy website, understanding what your volume is, what your ability to process it meaningfully over longer intervals is and is contrained by (disk space, log analysis processing time, others), becomes more important.
-- -Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Appropriate PIX logging level Marcus J. Ranum (May 02)
- Re: Appropriate PIX logging level David Lang (May 02)
- Re: Appropriate PIX logging level Marcus J. Ranum (May 02)
- Re: Appropriate PIX logging level David Lang (May 02)
- minirsyslogd (was Appropriate PIX logging level) Bennett Todd (May 04)
- Re: Appropriate PIX logging level ArkanoiD (May 04)
- Re: Appropriate PIX logging level Marcus J. Ranum (May 04)
- Re: Appropriate PIX logging level ArkanoiD (May 04)
- Re: Appropriate PIX logging level Marcus J. Ranum (May 04)
- Re: Appropriate PIX logging level Brian Loe (May 05)
- Re: Appropriate PIX logging level Marcus J. Ranum (May 02)
- Re: Appropriate PIX logging level Chuck Swiger (May 05)
- Re: Appropriate PIX logging level ArkanoiD (May 05)
- Re: Appropriate PIX logging level Chuck Swiger (May 05)
- Re: Appropriate PIX logging level ArkanoiD (May 05)
- Re: Appropriate PIX logging level David Lang (May 02)
- RE: Appropriate PIX logging level David Lang (May 04)
- Re: Appropriate PIX logging level Tichomir Kotek (May 05)
- <Possible follow-ups>
- RE: Appropriate PIX logging level Behm, Jeffrey L. (May 05)