Hello, On Wednesday, 2008 May 14 at 19:49:26 +0200, Pablo Neira Ayuso wrote: > Anton wrote: > > Just some extra results, > > > > seems DB drivers does such a difference, since while logging > > to LOGEMU (only) target - I've go result which looks true. > > But - If I enable DB logger - results in DB and LOGEMU - > > are the same. Looks like DB transfers makes ULOG to not > > accept packets from kernelspace > > The problem is netlink that cannot back off. Netlink is the underlying > communication subsystem that we use to communicate kernel with usepace > space. Since Netlink is unreliable, some log messages can vanish under > heavy load. I guess that database insertions consumes lots of CPU > resouces. Thus, doing online database logging in a scalable manner turns > really hard. IMHO, this problem is more linked with a treatment delay due to the database connection. I will try to switch the database plugin to non-blocking query and I will send you results and a patch (if results are good). > Instead, if you need scalability, I'd suggest to use logemu > or whatever plain text logging facility and then convert it to a > database *offline* if you really need advanced queries. It will be sad to do so ;) BR, -- Eric Leblond INL: http://www.inl.fr/ NuFW: http://www.nufw.org/
Attachment:
signature.asc
Description: Digital signature
