On Wednesday 14 May 2008 22:53, Patrick McHardy wrote: > > plain text logging facility and then convert it to a > > database *offline* if you really need advanced queries. > > Yeah, but what we can do is check whether the message > was successfully transmitted in the kernel and drop > the packet in case it wasn't. That should catch 99.9% > of all error cases since a slow databse effectively > only causes the process to read less often from the > netlink socket. What we did, is trying to transport a message over network to another host, for further analysis - OPRINT and LOGEMU targets were used. Even with no further DB interaction (just plain dumping to a file) - causes loosing of 50% of packets with hacked OPRINT - regardles if it's done while connecting to localhost (same pc) or another host. PC's are P4-3Ghz. host 1(NFLOG -> ULOG -> OPRINT_OVER_NETWORK) -> host 2 (LOG_RECEIVER) and just plain native LOGEMU looses arround 1% of packets on 100mbit transfers. If there a way for checking is the message were transmitted, how to do that? > > I still have a very old and unfinished patch for this > somewhere ... -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
