mailing list archives
Re: Appropriate PIX logging level
From: David Lang <dlang () digitalinsight com>
Date: Wed, 26 Apr 2006 12:51:46 -0700 (PDT)
On Wed, 26 Apr 2006, Marcus J. Ranum wrote:
David Lang wrote:
I'm actually trying to keep filters out of the path (until the data hits the primary archive, after it's there, copies
can (and will be) filtered like crazy)
Is that a specific requirement for some legal reason or something? It seems
somewhat, um, arbitrary.
in part it's concern about accusations of the logs being tampered with,
and in part it's to protect me from myself, if there is no filtering
software in the path it can't get misconfigured to filter too much and the
worst case becomes that I have to go back to the files on disk (to the
limits of the disk space, which nowdays is not much of a limit)
You might prefer taking a look at minirsyslog - it's got zero processing options
and just slams stuff to disk without doing anything fancy at all. You'll still have
the problem that you're going to need a separate input / processing loop
and, to me, it just makes more sense to inline all that stuff.
this is exactly the functionality I'm looking for. however for some reason
I'm having trouble accessing the url I found for them
(www.clueby4.org/minirsyslog) so you have another url for me to try?
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no
deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
firewall-wizards mailing list
firewall-wizards () honor icsalabs com