On 12 Aug 2001 16:04:40 -0500, Brian Hatch wrote: > > > > I think it sounds a bit weird that the syslog server is losing data just > > because of one host sending to much information. > > Since syslog uses UDP, and there's no method to enforce > retransmits of lost UDP datagrams built into the protocol > itself, it's quite possible for a busy network to cause > UDP packet loss, and thus the syslogd server will 'miss' > logs that were sent but not received. > Cisco have a proprietary tcp-syslog that can be used with their PIX firewalls: does anyone know if thats based on an open standard, or have they just done a one-off? Rob > > > -- > Brian Hatch "Faith" means not wanting > Systems and to know what is true. > Security Engineer > http://www.hackinglinuxexposed.com/ > > Every message PGP signed --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 14:59:21 PDT