Re: [logs] Syslog over TCP (Was: Re: Syslog payload format)

From: Bennett Todd (betat_private)
Date: Fri Jan 03 2003 - 11:51:25 PST


    2003-01-03T12:52:36 Gibson, Jerry,, DMDCWEST:
    > Some devices require logging to function.  When using tcp and a
    > problem develops on the syslog server the device sending syslogs
    > will stop functioning, Cisco PIX firewall is one such device.
    
    That this isn't a configurable option (if it can't log, should it
    keep working or not) is arguably a defect in that device.
    
    But I don't think this is an issue we have to address, with one
    exception: if we're going to go ahead and provide an implementation
    of syslog-over-tcp, we should remember that the sender should be
    able to cope with an unreachable server; it'll have to have some way
    to save messages until they can be sent.
    
    Another place I've seen analogous behavior (log jams up, process
    freezes) is in djbdns. There my fix is to gleefully /dev/null the
    log data directly; so far I've not filled up my bit bucket.
    
    -Bennett
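
One way a syslog-over-TCP sender can cope with an unreachable server, as an added example that is not part of the original message or of any existing syslog implementation. The class name, the LF-per-message framing, the bounded spool and the drop-oldest overflow policy are all assumptions made for illustration.

```python
import collections
import socket


class SpoolingSyslogSender:
    """Syslog-over-TCP sender that never stalls the caller on a dead server."""

    def __init__(self, addr, max_spool=1000, timeout=2.0):
        self.addr = addr                  # (host, port) of the collector
        self.timeout = timeout            # upper bound on connect/send stalls
        self.max_spool = max_spool        # cap so an outage cannot eat all memory
        self.spool = collections.deque()  # messages waiting to be sent, oldest first
        self.dropped = 0                  # messages lost to overflow (report this!)
        self.sock = None

    def log(self, line):
        """Queue one message, attempt delivery, return the spool depth."""
        if len(self.spool) >= self.max_spool:
            self.spool.popleft()          # assumed policy: drop the oldest
            self.dropped += 1
        self.spool.append(line)
        return self.flush()

    def flush(self):
        """Send spooled messages in order; stop at the first failure."""
        try:
            if self.sock is None:
                self.sock = socket.create_connection(self.addr, self.timeout)
            while self.spool:
                # Assumed framing: one message per LF-terminated line.
                self.sock.sendall(self.spool[0].encode("utf-8") + b"\n")
                self.spool.popleft()      # discard only after the write succeeded
        except OSError:                   # refused, reset, or timed out
            if self.sock is not None:
                self.sock.close()
            self.sock = None              # reconnect on the next attempt
        return len(self.spool)


if __name__ == "__main__":
    # Constructed demo: assumes nothing listens on 127.0.0.1:9, so all
    # messages are spooled and the oldest is dropped at the cap.
    s = SpoolingSyslogSender(("127.0.0.1", 9), max_spool=2)
    for n in range(3):
        s.log("<134>demo: constructed message %d" % n)
    print("spooled:", list(s.spool), "dropped:", s.dropped)
```

A successful `sendall` only means the kernel accepted the bytes, so messages written just before a connection dies can still be lost; the `dropped` counter should itself be logged once the server is reachable again.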
    
    
    

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis



    This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:52:54 PST