Marcus J. Ranum wrote: >Conclusions: >syslogd is decidedly not OK for loads in the 10,000 messages/second range on > my machine I didn't add the obvious: "which is ridiculous" A machine capable of servicing thousands of web hits/second should be capable of logging them without dropping them on the floor. :) To aggregate large amounts of logs, 10,000 messages/second might not be an extraordinary number, assuming some buffering and sane handling of I/O on the host and the network. I don't think I'd want to try to insert 10,000 records/second into a SQL database, even using bulk inserts. ;) So one implication is that for really big-ass (yes, that's the technical term...) logging servers prefiltering and coalescing will be a requirement. Of course coalescing _fast_ is a real challenge... ;) mjr. --- Marcus J. Ranum Chief Technology Officer, NFR Security, Inc. Work: http://www.nfr.com Personal: http://www.ranum.com --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Jan 29 2002 - 14:36:24 PST