I just implemented buffer logging that guarantees that fflush is called if the buffer is full. Have a look at LogFileBufferSize. This must improve performance under a very busy firewall. Does syslog have any similar setting?
That's a good question, I'm not really sure what buffering is available in the various syslog implementations.
The logging format must be discussed before the release. It would be fairly easy to dump the connection logging info in XML instead of plain text and I'm not sure if the current format is fine.
In my opinion, the existing plain text log format is fine. I have an existing tool that's used to parse out the existing plain text iptables syslog data, and I plan on adapting it to support the similar format produced by conntrackd. If there are changes that could be made to make the formats similar, that might be nice (so the "family" of netfilter software logs uniformly (?)). XML would be nice, but I won't use it at this time.