Re: Appropriate PIX logging level
From: ArkanoiD <ark () eltex net>
Date: Fri, 5 May 2006 17:07:16 +0400
Hmm, I stress-tested a datagram Unix socket several years ago and found that it
definitely can lose messages. Can't remember the exact BSD flavor, most likely
it was Open or Free.
And kernel logging is much less reliable even than that. I remember there
was a set of patches that added a reliable audit log to the BSD kernel, but
the license was somehow restrictive.
On Fri, May 05, 2006 at 08:52:07AM -0400, Chuck Swiger wrote:
On Thu, May 04, 2006 at 10:24:31AM -0400, Chuck Swiger wrote:
Well, does that mean that syslog should be either not reliable (generic
datagram), not portable enough (sdsc), buggy (nsyslogd) or suffering
performance problems (ng) ;-)?
You can get reliable logging with a stock BSD-flavor syslogd if you talk
to it via a named pipe (i.e., /var/run/log or equivalent).
No, BSD syslog is not reliable since it is a datagram socket.
UDP is not reliable, but what part of "named pipe" didn't you understand?
Try feeding a million loglines through UDP over the network, and you'll
lose a few, probably less than 1% unless your network isn't that
reliable...but I haven't seen any lossage from logging locally via the
named pipe at a volume of a million lines a day over a period of months.
And there still is no reliable kernel logging at all.
Most kernels implement a fixed-size circular message buffer, which is often
fairly small. This is reliable within the limits that old messages will
quickly get over-written and that a fatal problem leading to a kernel panic
may not get logged because the system is in the process of termination.
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
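One way to measure the local-socket loss debated in this thread, as an added example that is not code from any poster: sequence-number every log line so the receiving side can count gaps. It assumes a logging client that cannot block (non-blocking send) and a deliberately small send buffer to force back-pressure; the `stress` and `drain` names, the sizes, and the log line are constructed for illustration, and real syslog clients and daemons may behave differently.

```python
import errno
import socket

# Errors a non-blocking datagram sender sees when the receiver is not keeping up.
BACKPRESSURE = (errno.EAGAIN, errno.EWOULDBLOCK, errno.ENOBUFS)


def drain(rx, seen):
    """Read every datagram currently queued on rx; record its sequence number."""
    while True:
        try:
            seen.add(int(rx.recv(256).split(b" ", 1)[0]))
        except BlockingIOError:
            return  # queue is empty


def stress(total=5000, drain_every=500, sndbuf=4096):
    """One process plays both the logging client and a slow log daemon."""
    tx, rx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    tx.setblocking(False)
    rx.setblocking(False)
    # Small buffer so the test reaches back-pressure quickly (assumption).
    tx.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, sndbuf)
    seen, dropped = set(), 0
    try:
        for seq in range(total):
            line = b"%d <134>constructed test line" % seq
            try:
                tx.send(line)
            except OSError as exc:
                if exc.errno not in BACKPRESSURE:
                    raise
                dropped += 1  # client will not wait, so this line is gone
            if (seq + 1) % drain_every == 0:
                drain(rx, seen)  # the "daemon" only wakes up now and then
        drain(rx, seen)
    finally:
        tx.close()
        rx.close()
    missing = sorted(set(range(total)) - seen)
    return {"sent": total, "dropped": dropped,
            "received": len(seen), "missing": missing}


if __name__ == "__main__":
    result = stress()
    print({k: (len(v) if k == "missing" else v) for k, v in result.items()})
```

The same sequence-number check works on the collector side of a UDP syslog feed, where the sender gets no error at all and gaps in the numbering are the only evidence of loss.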