Re: [fw-wiz] syslog and network management
- From: david@xxxxxxx
- Date: Thu, 21 Feb 2008 17:19:58 -0800 (PST)
On Wed, 20 Feb 2008, Darden, Patrick S. wrote:
3. Performance-wise, is there anything special needed? Not really.
It depends on the size of the network, number of devices, how much
detail you are recording, etc. What you describe is a good basis for
starting. Proably the three best things you could do would be: dual
core cpu (any decent ghz), a great NIC (or two, lots of udp bursts from
syslog), and lots of storage (you would want to keep at least 1 year in
local drive space).
if you end up doing much searching through your logs you can end up eating
a LOT more CPU then you imagine, especially as you correlate things and
end up searching for more related items at a time.
I've also found that it's faster to gzip the logs as you rotate them and
search through the compressed logs then to search through the same volume
of logs uncompressed.
what I do on my very busy servers is to put one high-rpm SCSI drive and
one (or more) large SATA drives in the box. I have syslog write to the
SCSI drive and then when I rotate the logs I save them to the slow, but
cheap SATA drive.
David Lang
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- Re: [fw-wiz] syslog and network management
- From: Brian Loe
- Re: [fw-wiz] syslog and network management
- References:
- Re: [fw-wiz] syslog and network management
- From: Darden, Patrick S.
- Re: [fw-wiz] syslog and network management
- Prev by Date: Re: [fw-wiz] Firewall Placement Question
- Next by Date: Re: [fw-wiz] Firewall Placement Question
- Previous by thread: Re: [fw-wiz] syslog and network management
- Next by thread: Re: [fw-wiz] syslog and network management
- Index(es):
Relevant Pages
|
