> > I think it sounds a bit weird that the syslog server is losing data just > > because of one host sending to much information. > Well, when that one host is our firewall, and the rule that's triggering > it is a deny on port 80 and we have a Class B network that's being > hammered by the world scanning for IIS servers, that's one heck of a lot > of information that's being sent. Sorry, I forgot about Code Red there for a while :) > I'd be willing to look into an alternate syslogd for this server if this > would help. Is syslog-ng the main alternative or are there others? Perhaps Modular syslog: http://www.core-sdi.com/download/download.html I hope another syslogd will work better for you (I still think it will). Regards, Andreas Östling --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 14:58:05 PDT