Re: Logging IPTables to file using syslogd

From: Oblek (sauron@lug.stikom.edu)
Date: 06/24/02


Date: Mon, 24 Jun 2002 18:42:06 +0700
From: Oblek <sauron@lug.stikom.edu>
To: security-discuss@linuxsecurity.com


Hi,

On some postings I posted recently:

> > nope....the "-" character just before the argument (in this case a file) is used
> > by syslog to do syncing (direct writes) to disk, rather than queuing up first in the
> > buffers (in case your hardware crashes and you might lose important logs),
> > so if performance is your choice over data integrity, you may omit the
> > "-" character.

I've made a little mistake here...the "-" character is used *if* you
want to omit the direct sync to disk after write operations; it means the data
will stay in the disk buffers until the flush daemon wakes up. The standard
behaviour is to do direct writes; the "-" can be chosen if you want to help raise
throughput, but there is a probability that you might lose some logs during a
system crash.

> How can I test this? For example, with syslogd directed to write to
> a fifo:
>
> *.* |/some/fifo

I'm sorry, I don't have any experience using fifos.

> This could be a way to get full `real time' access to filtered log
> files. Am I following your point correctly?

You can follow the log in real time by directing it to the console;
this is how I do it on all of my servers.

*.* /dev/tty12

--
Diyan Christian
@ IN SOA lug.stikom.edu. oblek.lug.stikom.edu.

"My programs doesn't contain bugs, they just develops random features"
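An added example, not part of the original message: a small audit of syslog.conf action fields that reports file targets written with the "-" prefix (sync omitted) for facilities whose entries one would want to survive a crash. The sample configuration is constructed, and the choice of `kern`, `auth` and `authpriv` as the facilities to check is an assumption (iptables LOG entries arrive on `kern`).

```python
import re

# Constructed sample syslog.conf in sysklogd syntax; not taken from the thread.
SAMPLE_CONF = """\
# iptables LOG entries arrive on the kern facility
kern.*           -/var/log/iptables.log
auth,authpriv.*  /var/log/auth.log
*.*              |/some/fifo
*.*              /dev/tty12
mail.*           -/var/log/mail.log
*.emerg          *
"""

def classify(action):
    """Return (kind, synced) for one action field; synced is None for non-files."""
    if action.startswith("-/"):
        return "file", False       # "-" omits the sync after each write
    if action.startswith("|"):
        return "fifo", None        # named pipe
    if action.startswith("@"):
        return "remote", None      # forwarded to another host
    if re.match(r"/dev/(tty|console)", action):
        return "terminal", None    # e.g. /dev/tty12 for real-time viewing
    if action.startswith("/"):
        return "file", True        # default: synced after every message
    return "users", None           # "*" or a list of login names

def parse(conf):
    """Yield (selector, action, kind, synced) for each rule line."""
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        selector, action = parts[0], parts[1].strip()
        yield (selector, action) + classify(action)

def unsynced_sensitive(conf, facilities=("kern", "auth", "authpriv")):
    """List rules that buffer writes for the given (assumed sensitive) facilities."""
    hits = []
    for selector, action, kind, synced in parse(conf):
        if kind != "file" or synced is not False:
            continue
        facs = set()
        for part in selector.split(";"):   # selector: "fac1,fac2.prio;fac3.prio"
            facs.update(part.split(".")[0].split(","))
        if "*" in facs or facs & set(facilities):
            hits.append((selector, action))
    return hits
```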