Re: [fw-wiz] syslog and network management
- From: "Brian Loe" <knobdy@xxxxxxxxx>
- Date: Fri, 22 Feb 2008 11:47:12 -0600
On Thu, Feb 21, 2008 at 7:19 PM, <david@xxxxxxx> wrote:
if you end up doing much searching through your logs you can end up eating
a LOT more CPU then you imagine, especially as you correlate things and
end up searching for more related items at a time.
I've found that if you utilize, for instance, syslog-ng, you can split
up the log files based on whatever (device type, network, etc.).
Searching those smaller files is a lot less CPU intensive.
Further, if you're using an application such as sec.pl (I think its
called) then you can have everything that comes in copied to a pipe
that sec reads. This can get hair though, YMMV. I've done it on a very
busy syslog server running AIX with no problems.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- Re: [fw-wiz] syslog and network management
- From: david
- Re: [fw-wiz] syslog and network management
- References:
- Re: [fw-wiz] syslog and network management
- From: Darden, Patrick S.
- Re: [fw-wiz] syslog and network management
- From: david
- Re: [fw-wiz] syslog and network management
- Prev by Date: Re: [fw-wiz] Firewall Placement Question
- Next by Date: Re: [fw-wiz] Firewall Placement Question
- Previous by thread: Re: [fw-wiz] syslog and network management
- Next by thread: Re: [fw-wiz] syslog and network management
- Index(es):
Relevant Pages
|
|
