Re: Iptables logs on High bandwidth traffic network


 



Jozsef Kadlecsik wrote:
On Thu, 5 May 2005, Taylor, Grant wrote:


Why were a FIFO and a program which parses and transmits the data to
another system any faster than syslog/syslog-ng/ulogd/etc? (Why reinvent
the wheel?)

It is my belief that Syslog and the mechanism that it uses to log are not meant for extreme volumes of logging. As I understand it, Syslog will log each and every individual packet that passes through the IPTables LOG target individually, thus causing a write through the kernel into SysLog space and possibly to disk for a VERY small amount of data.


That depends on how syslog is configured - you can easily disable syncing
at every log event.

Yes, but doing so may cause loss of logging, or maybe it'll just delay some messages due to not sync'ing at once. Lack of experience here :p
I do use the non-sync feature to some extent; doesn't seem to cause too much delay, though.


--
Kind regards,
Mogens Valentin


