mailing list archives
Re: Appropriate PIX logging level
From: Chuck Swiger <chuck () codefab com>
Date: Fri, 05 May 2006 08:52:07 -0400
On Thu, May 04, 2006 at 10:24:31AM -0400, Chuck Swiger wrote:
Well, does that mean that syslog should be either not reliable (generic
datagram), not portable enough (sdsc), buggy (nsyslogd) or suffering
You can get reliable logging with a stock BSD-flavor syslogd if you talk to
it via a named pipe (ie, /var/run/log or equivalent).
performance problems (ng) ;-)?
No, BSD syslog is not reliable since it is datagram socket.
UDP is not reliable, but what part of "named pipe" didn't you understand?
Try feeding a million loglines through UDP over the network, and you'll lose a
few, probably less than 1% unless your network isn't that reliable...but I
haven't seen any lossage from logging locally via the named pipe at a volume
of a million lines a day over a period of months.
And there still is no reliable kernel logging at all.
Most kernels implement a fixed-size circular message buffer, which is often
fairly small. This is reliable within the limits that old messages will
quickly get over-written and that a fatal problem leading to a kernel panic
may not get logged because the system is in the process of termination.
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
RE: Appropriate PIX logging level Paul Melson (May 04)
Re: Appropriate PIX logging level Miha Vitorovic (May 04)
RE: Appropriate PIX logging level Behm, Jeffrey L. (May 05)