On 3 Jan 2003, at 17:34, Buck Buchanan wrote: > I have both systems configured so that the event logger logs everything > that is sent to it. Both systems have the logs set to overwrite. IMHO, this is not a good idea. You should be aware what the system has to do in overwrite mode *for every single event* when the log is full: - search the oldest event - check whether the new event is larger than the oldest event - if yes, search the second oldest event - check again, until enough space for the new event is found - write the new event - write eventlog footer after new event - write updated information into eventlog header You see, lots to do, which can result in the loss of events if you log anything. In case you did choose the option to overwrite events after a defined number of days, you might loose additional events, see http://www.heysoft.de/nt/eventlog/faqa1.htm#A24 > Rebooting the NT has "fixed" arp, but rasusers and the bash subshell still > are not logging process termination. This seems to be "normal behaviour", see http://www.heysoft.de/nt/eventlog/faqa1.htm#A9 Frank Heyne _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Sat Jan 04 2003 - 10:44:29 PST