On Sat, 11 Aug 2001, Marlys A Nelson wrote: ... > Recently, the log traffic from our firewall (linux running ipchains) has > been so heavy that the syslog server has been losing data. ... > I'm wondering how others configure their syslogging "enterprise-wide" to > avoid this problem? I think it sounds a bit weird that the syslog server is losing data just because of one host sending to much information. If you mean you're running standard Linux syslogd on the syslog server, I think you should really try something else. You're probably logging into one big file on the syslog server, right? If I'm not misstaken, at least Linux standard syslogd has/had some terrible performance problems when handling large log files. Here we have a few hundred machines (unix, windows, routers, switches etc) logging to a central syslog server running syslog-ng. No special hardware. The CPU usage is almost never above a couple of %. Regards, Andreas Östling --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 12:52:17 PDT