Switch to ULOG instead of LOG as LOG relies on Syslog which was *NOT* meant for high volume traffic. The other solution that I have proposed in the past is to set up TCPDump or Snort and have it sniff the headers out of packets and dump them to a log file and then post process said log file to extract what you are wanting and store it accordingly.
Grant. . . .
Ming-Ching Tiew wrote:
Anyone notice that the log target is really too heavy ?
I have seen various mishaviour to my Celeron 2.4 GHz
machine ( fully dedicated as a firewall machine ) if I turn
on logging. I am not sure if it is due to netfilter logging per se
or due to me running syslogd to remote the log messages over
the network. But in any case, once there is heavy iptabbles logging
activities, the machine totally misbehaves.
Besides the most obvious solutions ( ie to turn it off or get a faster
computer ), any words of advise or recommendation ?
Cheers.
