Firewall Wizards mailing list archives

Re: Appropriate PIX logging level


From: Chuck Swiger <chuck () codefab com>
Date: Fri, 05 May 2006 08:52:07 -0400

ArkanoiD wrote:
> On Thu, May 04, 2006 at 10:24:31AM -0400, Chuck Swiger wrote:
>> ArkanoiD wrote:
>>> Well, does that mean that syslog should be either not reliable (generic datagram), not portable enough (sdsc), buggy (nsyslogd) or suffering performance problems (ng) ;-)?
>> You can get reliable logging with a stock BSD-flavor syslogd if you talk to it via a named pipe (ie, /var/run/log or equivalent).
>
> No, BSD syslog is not reliable since it is datagram socket.

UDP is not reliable, but what part of "named pipe" didn't you understand?

Try feeding a million loglines through UDP over the network, and you'll lose a few, probably less than 1% unless your network isn't that reliable...but I haven't seen any lossage from logging locally via the named pipe at a volume of a million lines a day over a period of months.

> And there still is no reliable kernel logging at all.

Most kernels implement a fixed-size circular message buffer, which is often fairly small. This is reliable within the limits that old messages will quickly get over-written and that a fatal problem leading to a kernel panic may not get logged because the system is in the process of termination.

--
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
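
One way to measure the UDP loss figure discussed in the message above on your own collector, as an added example that is not part of the original post: number every test line, then account for gaps in what the collector actually wrote. The `seq=` field, the `losstest` tag, the function names and the sample lines are assumptions made for this sketch.

```python
import re
import socket

SEQ_RE = re.compile(r"\bseq=(\d+)\b")

def send_numbered(host, port, count, tag="losstest"):
    """Send `count` syslog datagrams over UDP, each carrying seq=N."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for n in range(count):
            # <134> = facility local0 (16 * 8) + severity info (6)
            s.sendto(f"<134>{tag}: seq={n}".encode(), (host, port))

def gap_ranges(missing):
    """Collapse sorted missing numbers into (first, last) runs."""
    runs = []
    for n in missing:
        if runs and n == runs[-1][1] + 1:
            runs[-1][1] = n
        else:
            runs.append([n, n])
    return [tuple(r) for r in runs]

def account(lines, expected):
    """Compare what the collector wrote against the 0..expected-1 sent."""
    seen, duplicates = set(), 0
    for line in lines:
        m = SEQ_RE.search(line)
        if not m or int(m.group(1)) >= expected:
            continue  # unrelated line, or left over from a longer run
        n = int(m.group(1))
        duplicates += n in seen
        seen.add(n)
    missing = sorted(set(range(expected)) - seen)
    return {"received": len(seen), "duplicates": duplicates,
            "gaps": gap_ranges(missing),
            "loss_pct": 100.0 * len(missing) / expected}

# Constructed sample of a collector's log file: 10 lines were sent,
# 3-4 and 7-8 never arrived, and 6 was written twice.
SAMPLE = [f"May  5 08:52:07 fw1 losstest: seq={n}"
          for n in (0, 1, 2, 5, 6, 6, 9)]

if __name__ == "__main__":
    print(account(SAMPLE, 10))
```

Run `send_numbered` against the collector's UDP port, then feed the resulting log file's lines to `account` with the same count; the `gaps` list shows whether lines went missing singly or in runs.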

