Firewall Wizards mailing list archives

Re: syslog and network management


From: david () lang hm
Date: Tue, 26 Feb 2008 14:12:51 -0800 (PST)

On Mon, 25 Feb 2008, Brian Loe wrote:

> On Fri, Feb 22, 2008 at 8:06 PM,  <david () lang hm> wrote:
>
>>> I've found that if you utilize, for instance, syslog-ng, you can split
>>> up the log files based on whatever (device type, network, etc.).
>>> Searching those smaller files is a lot less CPU intensive.
>>
>> true, but I found that syslog-ng was far less effective at the more
>> important job of receiving syslog messages from the wire and writing them
>> to disk
>
> Really? How so?
>
> We were logging 6 PIXen as well as many switches and routers (and a
> much lesser level). We never "noticed" a great loss of messages... I
> guess I can assume you did, and maybe I could learn from how you did!
> :)
>
> What daemon do you use?

we tried to use syslog-ng to receive activity from our border router and 
write a copy locally (in large chunks) and relay the logs to another 
syslog server inside.

we noticed a LOT of missing logs; when we changed to the default debian 
syslogd we were able to handle an order of magnitude more logs without any 
sign of missing logs (from around 100/sec to >1000/sec)

David Lang
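The "sign of missing logs" David mentions is easy to miss by eye at hundreds of messages per second. One practitioner's check, added here as an example and not part of the thread or of any syslog daemon, is to have the network devices emit a per-device sequence number (Cisco IOS does this with `service sequence-numbers`) and then scan the files the collector wrote for holes in that sequence. The log lines below are constructed; the exact layout (RFC 3164 header followed by a zero-padded counter and a colon) is an assumption, as are the host names and addresses.

```python
import re
from collections import defaultdict

# Constructed sample of what a relay might have written for two devices.
# Format assumed (not from the thread): RFC 3164 header, then a monotonically
# increasing per-device sequence number as Cisco IOS emits with
# "service sequence-numbers". Messages 000102-000104 from border-rtr are absent.
SAMPLE_LOG = """\
<189>Feb 22 20:06:01 border-rtr 000100: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4321) -> 203.0.113.5(23), 1 packet
<189>Feb 22 20:06:01 border-rtr 000101: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4322) -> 203.0.113.5(23), 1 packet
<189>Feb 22 20:06:02 border-rtr 000105: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.9(53) -> 203.0.113.5(53), 1 packet
<189>Feb 22 20:06:02 core-sw1 000017: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to down
<189>Feb 22 20:06:03 core-sw1 000018: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to down
<189>Feb 22 20:06:03 border-rtr 000106: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4323) -> 203.0.113.5(23), 1 packet
"""

LINE_RE = re.compile(
    r"^<\d{1,3}>"                               # PRI field
    r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d "    # RFC 3164 timestamp
    r"(?P<host>\S+) "                           # originating device
    r"(?P<seq>\d+): "                           # per-device sequence number
)


def parse_line(line):
    """Return (host, sequence) for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("host"), int(m.group("seq"))


def find_gaps(lines):
    """Return {host: [(first_missing, last_missing), ...]} for every hole
    in each device's sequence. A counter that goes backwards (device reboot)
    simply starts a new run rather than being reported as loss."""
    last = {}
    gaps = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, seq = parsed
        if host in last and seq > last[host] + 1:
            gaps[host].append((last[host] + 1, seq - 1))
        last[host] = seq
    return dict(gaps)


def loss_summary(lines):
    """Per host: (received, missing) message counts, so the collector's loss
    can be expressed as a rate rather than a feeling that "we never noticed"."""
    received = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            received[parsed[0]] += 1
    missing = {h: sum(b - a + 1 for a, b in g) for h, g in find_gaps(lines).items()}
    return {h: (received[h], missing.get(h, 0)) for h in received}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for host, (got, lost) in sorted(loss_summary(lines).items()):
        print(f"{host}: received {got}, missing {lost}, gaps {find_gaps(lines).get(host, [])}")
```

Run it against the files each candidate daemon wrote from the same source during the same window; the daemon that leaves holes under load is the one dropping messages, regardless of how quiet its own error log is.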
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards