Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

Re: Appropriate PIX logging level
From: Chuck Swiger <chuck () codefab com>
Date: Fri, 05 May 2006 08:52:07 -0400

ArkanoiD wrote:
On Thu, May 04, 2006 at 10:24:31AM -0400, Chuck Swiger wrote:
ArkanoiD wrote:
Well, does that mean that syslog should be either not reliable (generic datagram), not portable enough (sdsc), buggy (nsyslogd) or suffering
performance problems (ng) ;-)?
You can get reliable logging with a stock BSD-flavor syslogd if you talk to it via a named pipe (ie, /var/run/log or equivalent).

No, BSD syslog is not reliable since it is datagram socket.

UDP is not reliable, but what part of "named pipe" didn't you understand?

Try feeding a million loglines through UDP over the network, and you'll lose a few, probably less than 1% unless your network isn't that reliable...but I haven't seen any lossage from logging locally via the named pipe at a volume of a million lines a day over a period of months.

And there still is no reliable kernel logging at all.

Most kernels implement a fixed-size circular message buffer, which is often fairly small. This is reliable within the limits that old messages will quickly get over-written and that a fatal problem leading to a kernel panic may not get logged because the system is in the process of termination.

--
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]