Firewall Wizards mailing list archives
Re: syslog and network management
From: Timothy Shea <tim () tshea net>
Date: Wed, 27 Feb 2008 20:11:02 -0600
> we noticed a LOT of missing logs, when we changed to the default Debian
> syslogd we were able to handle an order of magnitude more logs without
> any sign of missing logs (from around 100/sec to >1000/sec)

I am also perplexed by this. syslog-ng has many (many) flaws but in terms of dropping packets it has always out-performed every syslogd implementation I have run across ("performance" as being defined as receiving the highest percentage of packets - this is UDP after all.)

So I have to question how it was implemented. How did you validate the drop count? How was syslog-ng implemented? Which Debian version?

t.s

On Feb 26, 2008, at 4:12 PM, david () lang hm wrote:

> On Mon, 25 Feb 2008, Brian Loe wrote:
>
>> On Fri, Feb 22, 2008 at 8:06 PM, <david () lang hm> wrote:
>>
>>>> I've found that if you utilize, for instance, syslog-ng, you can
>>>> split up the log files based on whatever (device type, network,
>>>> etc.). Searching those smaller files is a lot less CPU intensive.
>>>
>>> true, but I found that syslog-ng was far less effective at the more
>>> important job of receiving syslog messages from the wire and writing
>>> them to disk
>>
>> Really? How so? We were logging 6 PIXen as well as many switches and
>> routers (and a much lesser level). We never "noticed" a great loss of
>> messages... I guess I can assume you did, and maybe I could learn from
>> how you did! :) What daemon do you use?
>
> we tried to use syslog-ng to receive activity from our border router
> and write a copy locally (in large chunks) and relay the logs to
> another syslog server inside.
>
> we noticed a LOT of missing logs, when we changed to the default Debian
> syslogd we were able to handle an order of magnitude more logs without
> any sign of missing logs (from around 100/sec to >1000/sec)
>
> David Lang
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
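One way to put a number on the "how did you validate the drop count?" question raised in this message, as an added example that is not part of the original thread or any poster's code: send sequence-numbered UDP syslog probes at a collector you operate, then audit the file the daemon wrote for gaps. The `dropprobe` tag, the run id, the function names and the sample log lines are all constructed for illustration.

```python
import re
import socket
import time

PRI = 16 * 8 + 6  # facility local0, severity info -> <134>
PROBE_RE = re.compile(r"dropprobe: run=(\S+) seq=(\d+)")

def make_probe(run_id: str, seq: int) -> bytes:
    """Minimal BSD-syslog datagram: PRI, tag, then a run id and sequence number."""
    return f"<{PRI}>dropprobe: run={run_id} seq={seq}".encode("ascii")

def send_probes(host: str, count: int, run_id: str, rate: float, port: int = 514) -> None:
    """Send `count` numbered probes at roughly `rate` msgs/sec. UDP: no ack, no retry."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for seq in range(count):
            s.sendto(make_probe(run_id, seq), (host, port))
            time.sleep(1.0 / rate)

def audit(log_lines, run_id: str, sent: int) -> dict:
    """Compare what the daemon wrote to disk with what was sent for one run."""
    seen, duplicates = set(), 0
    for line in log_lines:
        m = PROBE_RE.search(line)
        if not m or m.group(1) != run_id:
            continue  # other traffic, or a probe from a different run
        seq = int(m.group(2))
        if seq >= sent:
            continue  # not a sequence number this run produced
        if seq in seen:
            duplicates += 1
        seen.add(seq)
    missing = sorted(set(range(sent)) - seen)
    loss = round(100.0 * len(missing) / sent, 2) if sent else 0.0
    return {"received": len(seen), "missing": missing,
            "duplicates": duplicates, "loss_pct": loss}

# Constructed sample of what a collector's log file might contain after a 6-probe run.
SAMPLE_LOG = [
    "Feb 27 20:11:02 border dropprobe: run=r1 seq=0",
    "Feb 27 20:11:02 border dropprobe: run=r1 seq=1",
    "Feb 27 20:11:02 border kernel: unrelated message",
    "Feb 27 20:11:02 border dropprobe: run=r0 seq=2",  # older run, ignored
    "Feb 27 20:11:03 border dropprobe: run=r1 seq=3",
    "Feb 27 20:11:03 border dropprobe: run=r1 seq=3",  # duplicate line
    "Feb 27 20:11:03 border dropprobe: run=r1 seq=5",
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, "r1", 6))
```

Running the same probe count at the same rate against each daemon in turn, with a fresh run id each time, gives loss percentages that can be compared directly.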