Re: syslog, was Re: greetingz

From: D Tuinstra (tuinstraat_private)
Date: Sat Aug 11 2001 - 07:18:03 PDT

    On Friday 10 August 2001 16:53, dgillettat_private wrote:
    >   The thing is, standard syslog uses UDP, so if the log server
    > hiccups (or needs a reboot, or whatever), the info is lost.  I'm not
    > sure how far the new syslog-sec proposal goes towards remedying that.
    >
    >   Have people experimented with sending syslog to a broadcast /
    > multicast destination instead of a single host?  Did it work?
    
    Also consider the technique of sending syslog data
    out the serial port to the central logging machine ...
    avoids the network altogether, and lets you keep the
    CLM very secure.  Disadvantage, of course, is running
    extra cables, and the need for lots of serial ports on
    the CLM (or some kind of multiplexing at some point
    before the CLM).  If you're running NT, you're
    probably on i386 architecture where IRQs for serial
    port interrupts are a (mighty) scarce resource.
    
    I know there are people doing this, can anyone on the 
    list comment?  We'll probably want to do something
    like this in our lab this Fall semester.
    
    If the bandwidth of Plain Old Serial Cables is 
    insufficient, perhaps firewire could be used?  (I've 
    never touched the stuff so I don't know).
    
      --Dwight
    
    



    This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 07:58:36 PDT