> One thing to consider here is to not write the --MARK-- entries, or write them only every hour or so (default: every 20 minutes).
Hrmph. Clearly I have more to learn about this than I thought. OK, so what's a MARK entry, and where is its logging configured?
> Downside: If the network is down, nothing is logged, ditto if the log server crashes.
My network is never down, my log server never crashes. And if it does? Reboot. And if the firewall is hung, dead, and killed? Reinstall. This is, after all, my home firewall where the critical config files are backed up. No big deal.
> But speaking of firewalls, my firewalls *never* have any disk in them! I boot them from CD-ROM - absolutely no chance to install a rootkit because it cannot be written anywhere.
Care to add some detail to this? Some special CD-ROM distro? Else how do you do config files, or temporary files/tables/etc.? Do you create some sort of a RAM disk for this? How?
--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
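Added example, not part of the thread: a `-- MARK --` line is the periodic keepalive that sysklogd's syslogd writes every 20 minutes by default (the `-m` option sets the interval in minutes, `-m 0` disables it). On a central log server, a missing MARK from a remote host is exactly how you notice the "network down / host hung" case raised above. The script below flags such gaps in a constructed log excerpt (the year is assumed, since syslog lines carry none) and shows that raising the interval to an hour also delays that detection.

```python
import re
from datetime import datetime

# Constructed sample of what a central log server receives from a
# remote firewall "fw1"; the timestamps are made up for this example.
SAMPLE_LOG = """\
Mar 10 12:00:00 fw1 -- MARK --
Mar 10 12:20:00 fw1 -- MARK --
Mar 10 12:25:13 fw1 kernel: IN=eth0 OUT= (constructed packet log line)
Mar 10 12:40:00 fw1 -- MARK --
Mar 10 14:00:00 fw1 -- MARK --
Mar 10 14:20:00 fw1 -- MARK --
"""

# Classic BSD syslog layout: "Mon dd HH:MM:SS host -- MARK --"
MARK_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) -- MARK --$")


def parse_marks(text, year=2003):
    """Return {host: [datetime, ...]} for every MARK line in text.
    The year is an assumption because syslog timestamps omit it."""
    marks = {}
    for line in text.splitlines():
        m = MARK_RE.match(line)
        if not m:
            continue  # ordinary log line, not a keepalive
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        marks.setdefault(m.group(2), []).append(stamp)
    return marks


def find_gaps(marks, interval_min=20, tolerance=2):
    """Return (host, last_mark, next_mark, minutes) for each gap between
    consecutive MARKs longer than tolerance * interval_min: the host, the
    network or the log server stopped delivering for that long."""
    limit = interval_min * tolerance
    gaps = []
    for host, stamps in marks.items():
        for prev, cur in zip(stamps, stamps[1:]):
            minutes = (cur - prev).total_seconds() / 60
            if minutes > limit:
                gaps.append((host, prev, cur, minutes))
    return gaps


if __name__ == "__main__":
    for host, start, end, minutes in find_gaps(parse_marks(SAMPLE_LOG)):
        print(f"{host}: no MARK for {minutes:.0f} min ({start} -> {end})")
```

With the default 20-minute interval the 80-minute silence is reported; with `interval_min=60` (MARKs only every hour) the same silence is below the 120-minute threshold and goes unnoticed.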