> Hi all, I am planning to implement the iptables log feature on a server machine (Dual Xeon processor, Intel e100 cards, 80GB SCSI and 2GB RAM) which is running in bridge mode (on RH 7.3). The average traffic on this machine varies from 40-60Mbps. Hence I require some suggestions for some of my questions like,
>
> The reason that LOG is not meant for high volume logging is that it relies on SysLog to log its data, which in and of itself is not meant for high volume logging. SysLog will quite often become disk bound if you try to log such high volumes to it and thus the system will sort of flounder...

How about using a fifo (man mkfifo and man syslog) and let syslog pipe to that fifo. Some program can then read from the fifo, parse data, and maybe use a database for storing the parsed, now more limited, data.
Might be a good idea to have the database on another system :-
-- Kind regards, Mogens Valentin
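
The FIFO approach suggested above, sketched as an added example that is not part of the original message: a reader drains the named pipe, keeps only a few fields from each iptables LOG line, and stores per-flow counters instead of raw lines. The pipe path, the choice of fields, the batch size and the use of SQLite as the database are assumptions made for illustration.

```python
import os, re, sqlite3, tempfile, threading
from collections import Counter
from pathlib import Path
# Classic syslogd writes to a named pipe when the target starts with "|", e.g.
#   kern.*    |/var/run/iptables.fifo      (placeholder path)
KV = re.compile(r"\b([A-Z]+)=(\S*)")            # iptables LOG emits KEY=value pairs
FIELDS = ("IN", "SRC", "DST", "PROTO", "DPT")   # the reduced record that is kept

def parse_line(line):
    """Return the reduced tuple, or None for kernel messages that are not LOG hits."""
    kv = dict(KV.findall(line))
    return tuple(kv.get(f, "") for f in FIELDS) if "SRC" in kv and "DST" in kv else None

def flush(db, counts):
    """Write one aggregated row per distinct flow, in a single transaction."""
    with db:
        db.executemany("INSERT INTO hits VALUES (?,?,?,?,?,?)", [k + (n,) for k, n in counts.items()])
    counts.clear()

def drain_fifo(path, db, batch=1000):
    """Read the FIFO until the writer closes it; return the number of LOG lines seen."""
    db.execute("CREATE TABLE IF NOT EXISTS hits (iface, src, dst, proto, dpt, n INTEGER)")
    counts, seen = Counter(), 0
    with open(path, "r", errors="replace") as fifo:   # blocks until a writer opens it
        for line in fifo:
            rec = parse_line(line)
            if rec is not None:
                counts[rec] += 1
                seen += 1
                if seen % batch == 0:    # bound memory and amortise disk writes
                    flush(db, counts)
    flush(db, counts)
    return seen

# Constructed sample lines standing in for what syslogd would write to the pipe.
_L = "Jan 12 10:00:0{} fw kernel: IN=br0 OUT=br0 SRC={} DST=198.51.100.5 LEN=60 PROTO=TCP SPT={} DPT={} SYN"
SAMPLE = [_L.format(1, "192.0.2.10", 40000, 22), _L.format(2, "192.0.2.10", 40001, 22),
          _L.format(3, "192.0.2.77", 5353, 80), "Jan 12 10:00:04 fw kernel: eth0: link up"]

def demo():
    path = Path(tempfile.mkdtemp()) / "iptables.fifo"
    os.mkfifo(path, 0o600)               # only the owner may read or write the pipe
    text = "\n".join(SAMPLE) + "\n"
    threading.Thread(target=path.write_text, args=(text,)).start()  # plays syslogd
    db = sqlite3.connect(":memory:")     # stand-in for a database on another host
    seen = drain_fifo(path, db)
    return seen, db.execute("SELECT src, dpt, SUM(n) FROM hits GROUP BY src, dpt ORDER BY src").fetchall()

if __name__ == "__main__":
    print(demo())
```

With a real syslogd as the writer the pipe never closes, so `drain_fifo` runs indefinitely and the periodic `flush` is what persists the data.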