On Friday 10 August 2001 16:53, dgillettat_private wrote:
> The thing is, standard syslog uses UDP, so if the log server
> hiccups (or needs a reboot, or whatever), the info is lost. I'm not
> sure how far the new syslog-sec proposal goes towards remedying that.
>
> Have people experimented with sending syslog to a broadcast /
> multicast destination instead of a single host? Did it work?

Also consider the technique of sending syslog data out the serial port to the central logging machine ... avoids the network altogether, and lets you keep the CLM very secure.

Disadvantage, of course, is running extra cables, and the need for lots of serial ports on the CLM (or some kind of multiplexing at some point before the CLM). If you're running NT, you're probably on i386 architecture where IRQs for serial port interrupts are a (mighty) scarce resource.

I know there are people doing this, can anyone on the list comment? We'll probably want to do something like this in our lab this Fall semester.

If the bandwidth of Plain Old Serial Cables is insufficient, perhaps firewire could be used? (I've never touched the stuff so I don't know).

--Dwight
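A sketch of the receiving side of the serial-port approach described in the message above, added here as an example and not part of the original post or any list member's code. It assumes senders write newline-terminated BSD syslog lines with a `<PRI>` prefix to the port; the names `decode_pri` and `parse_stream` are hypothetical, and an in-memory stream with constructed sample data stands in for the serial device.

```python
import io

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MAX_LINE = 1024  # BSD syslog (RFC 3164) caps a message at 1024 bytes

def decode_pri(line):
    """Split '<PRI>rest' into (facility, severity, rest); None if malformed."""
    end = line.find(">")
    if not line.startswith("<") or not 2 <= end <= 4:
        return None
    digits = line[1:end]
    if not (digits.isascii() and digits.isdigit()) or int(digits) > 191:
        return None
    facility, severity = divmod(int(digits), 8)
    return facility, SEVERITIES[severity], line[end + 1:]

def parse_stream(stream, chunk_size=16):
    """Reassemble lines from a byte stream that has no datagram boundaries.

    Returns (records, rejected). Unlike UDP, a serial line delivers bytes in
    arbitrary chunks, so records must be framed on newlines by the receiver.
    """
    records, rejected, buf = [], 0, b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf += chunk
        while b"\n" in buf:
            raw, buf = buf.split(b"\n", 1)
            rec = decode_pri(raw.rstrip(b"\r").decode("ascii", "replace"))
            if rec:
                records.append(rec)
            else:
                rejected += 1          # line noise or a line without a valid PRI
        if len(buf) > MAX_LINE:        # no newline within the size cap: resync
            buf, rejected = b"", rejected + 1
    if buf:                            # sender stopped mid-line (reboot, cable pull)
        rejected += 1
    return records, rejected

# Constructed sample: two valid lines, one line of noise, one truncated tail.
SAMPLE = (b"<34>Aug 10 16:53:01 host1 su: 'su root' failed for user1\r\n"
          b"\x00\xff~~line noise~~\n"
          b"<13>Aug 10 16:53:02 host1 logger: test message\n"
          b"<86>Aug 10 16:53:05 host1 sshd[411]: sess")

if __name__ == "__main__":
    recs, bad = parse_stream(io.BytesIO(SAMPLE))
    for facility, severity, msg in recs:
        print(facility, severity, msg)
    print("rejected:", bad)
```

Counting rejected lines rather than silently dropping them gives the logging machine a signal when a cable is noisy or a sender went down mid-message.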
This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 07:58:36 PDT