Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

firewall-wizards logo Firewall Wizards mailing list archives

Re: syslog and network management
From: Timothy Shea <tim () tshea net>
Date: Wed, 27 Feb 2008 20:11:02 -0600
we noticed a LOT of missing logs, when we changed to the default  
debian
syslogd we were able to handle an order of magnatude more logs  
without any
sign of missing logs (from around 100/sec to >1000/sec)


I am also perplexed by this.  syslog-ng has many (many) flaws but in  
terms of dropping packets it has always out-performed every syslogd  
implementation I have run across ("performance" as being defined as  
receiving the highest percentage of packets - this is UDP after  
all.)   So I have to question how it was implemented.  How did you  
validate the drop count?  How was syslog-ng implemented?  Which debian  
version?

t.s


On Feb 26, 2008, at 4:12 PM, david () lang hm wrote:


On Mon, 25 Feb 2008, Brian Loe wrote:


On Fri, Feb 22, 2008 at 8:06 PM,  <david () lang hm> wrote:


I've found that if you utilize, for instance, syslog-ng, you can  
split
up the log files based on whatever (device type, network, etc.).
Searching those smaller files is a lot less CPU intensive.


true, but I found that syslog-ng was far less effective at the more
important job of receiving syslog messages from the wire and  
writing them
to disk


Really? How so?

We were logging 6 PIXen as well as many switches and routers (and a
much lesser level). We never "noticed" a great loss of messages... I
guess I can assume you did, and maybe I could learn from how you did!
:)

What daemon do you use?


we tried to use syslog-ng to receive activity from our border router  
and
write a copy locally (in large chunks) and relay the logs to another
syslog server inside.

we noticed a LOT of missing logs, when we changed to the default  
debian
syslogd we were able to handle an order of magnatude more logs  
without any
sign of missing logs (from around 100/sec to >1000/sec)

David Lang
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]