On Fri, Mar 29, 2002 at 11:14:57AM -0500, Jason Piterak wrote: > Hi Sweth, > Have you taken a look at modular syslog (a syslog replacement) from Core > Security Technologies (bsd license -- > http://www.corest.com/products/corewisdom/CW01.php#nada)? I've looked at msyslog, although I hadn't noticed that particular feature in it. (Sweth goes off for a while and looks at the latest tarball...) Hmm... the docs are less than helpful, and the source isn't exactly pleasant to grok, but from what I can tell, msyslog uses a simple non-rolling buffer to store messages in memory when it can't reach the remote host. This means (again, from what I can tell) that if you set the buffer to, say, 8k, and you get 20k worth of logs generated while the loghost is unreachable, then only the first 8k of those logs are queued--the rest are discarded. Since the buffer is stored in memory, I'd be hesitant to make it exceptionally large (as opposed to a system that queued messages on-disk); also, on the off chance that the daemon died before reconnecting with the loghost, the buffer would, it appears, be lost entirely. Alejo, if you're still on-list, let me know if I'm missing something here. -- Sweth. -- Sweth Chandramouli Idiopathic Systems Consulting svcat_private http://www.idiopathic.net/ --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Sun Mar 31 2002 - 08:25:51 PST