On Mon, Aug 26, 2002 at 02:02:11PM -0700, Tom Perrine wrote: > Just as one example, consider that with syslog-reliable you may have > thousands of long-lived (weeks, years?) TCP connections to a single > log host. Heh :-) Yeah - I kinda get the feeling that's part of the reason syslog was UDP-based... I haven't read the syslog-over-TCP specs, but I assume it can be written like HTTP pipelining: one connection for 'n' events, etc. Although you quickly get into application-specific issues. e.g. the PIX. If you using it's syslog-over-TCP option, it will FREEZE if the TCP session goes down. Obviously not a good thing if your syslog server is continually tearing down unused TCP sessions in order to save resources... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 09:18:01 PDT