Re: [fw-wiz] Appropriate PIX logging level



ArkanoiD wrote:
> On Thu, May 04, 2006 at 10:24:31AM -0400, Chuck Swiger wrote:
>> ArkanoiD wrote:
>>> Well, does that mean that syslog should be either not reliable (generic datagram), not portable enough (sdsc), buggy (nsyslogd) or suffering performance problems (ng) ;-)?
>> You can get reliable logging with a stock BSD-flavor syslogd if you talk to it via a named pipe (ie, /var/run/log or equivalent).

> No, BSD syslog is not reliable since it is a datagram socket.

UDP is not reliable, but what part of "named pipe" didn't you understand?

Try feeding a million loglines through UDP over the network, and you'll lose a few, probably less than 1% unless your network isn't that reliable...but I haven't seen any lossage from logging locally via the named pipe at a volume of a million lines a day over a period of months.

> And there still is no reliable kernel logging at all.

Most kernels implement a fixed-size circular message buffer, which is often fairly small. This is reliable within the limits that old messages will quickly get over-written and that a fatal problem leading to a kernel panic may not get logged because the system is in the process of termination.

--
-Chuck
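One way to measure the kind of loss discussed in this message, as an added example that is not part of the original post: have the sender tag every log line with a counter, then look for gaps at the collector. The `seq=` tag, the host name `fw01` and the sample lines are constructed assumptions, not PIX or syslogd output.

```python
import re
from collections import Counter

SEQ_RE = re.compile(r"\bseq=(\d+)\b")  # assumed tag written by the sender

def audit_loss(lines):
    """Report gaps in a stream of sequence-tagged log lines.

    Tolerates reordering and duplicates (both can happen over UDP) and
    skips lines without a tag. Loss before the first or after the last
    received number is invisible to this check.
    """
    counts = Counter()
    for line in lines:
        m = SEQ_RE.search(line)
        if m:
            counts[int(m.group(1))] += 1
    if not counts:
        return {"expected": 0, "received": 0, "duplicates": 0,
                "missing": [], "loss_pct": 0.0}
    lo, hi = min(counts), max(counts)
    missing, start = [], None
    for n in range(lo, hi + 1):
        if n not in counts:
            if start is None:
                start = n              # a gap opens here
        elif start is not None:
            missing.append((start, n - 1))  # gap closed by a received line
            start = None
    expected = hi - lo + 1
    lost = sum(b - a + 1 for a, b in missing)
    return {"expected": expected, "received": len(counts),
            "duplicates": sum(c - 1 for c in counts.values()),
            "missing": missing, "loss_pct": round(100.0 * lost / expected, 2)}

# Constructed sample: 4, 7 and 8 never arrived, 5 arrived twice and late.
SAMPLE = [
    "May  4 10:24:31 fw01 logtest: seq=1 probe",
    "May  4 10:24:31 fw01 logtest: seq=2 probe",
    "May  4 10:24:31 fw01 logtest: seq=3 probe",
    "May  4 10:24:32 fw01 logtest: seq=6 probe",
    "May  4 10:24:32 fw01 logtest: seq=5 probe",
    "May  4 10:24:32 fw01 logtest: seq=5 probe",
    "May  4 10:24:32 fw01 kernel: untagged line",
    "May  4 10:24:33 fw01 logtest: seq=9 probe",
    "May  4 10:24:33 fw01 logtest: seq=10 probe",
]

if __name__ == "__main__":
    print(audit_loss(SAMPLE))
```

Running the same audit on the file written from the local socket and on the file collected over the network gives a direct comparison of the two paths.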