RE: [logs] How are people bringing DMZ syslog msgs into the central server?

From: Alberto Gonzalez (albertgat_private)
Date: Wed Feb 05 2003 - 19:07:56 PST


    I believe there is a 2GB file size limit. This was brought up a few
    times on snort-users and other mailing lists. Just thought you'd like to

    Alberto Gonzalez
    "The secret to success is to start from scratch and keep on scratching."

    -----Original Message-----
    From: loganalysis-adminat_private
    [mailto:loganalysis-adminat_private] On Behalf Of Mikael Olsson
    Sent: Wednesday, February 05, 2003 1:12 PM
    To: Balazs Scheidler
    Cc: loganalysisat_private
    Subject: Re: [logs] How are people bringing DMZ syslog msgs into the
    central server?

    Balazs Scheidler wrote:
    > syslog-ng supports files over 2GB

    Hm? Interesting. My syslog-ng on a Linux box promptly died every
    time the daily log hit 2GB. Just exited. This is consistent with 
    how glibc behaves, but I didn't know that at first, so I kept it 
    running in a "while true" loop to keep it from dying on me - it 
    kept looping until the next day, when it started a new output 
    file. My solution then was to move to hourly splitting.

    Anyway, this wasn't meant as an all-out criticism of syslog-ng.
    It was just meant to illustrate the point that, while I believe 
    sending the logs straight to a syslog server, it still needs 
    some thought, as is the case with anything related to 
    computer security.

    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW:
    LogAnalysis mailing list
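
Added example, not part of the original messages: the failure mode discussed in the thread (a log writer reaching a file-size ceiling) reproduced at small scale, with a writer that treats EFBIG as the cue to start a new file instead of dying. It assumes a POSIX system and uses a 4096-byte RLIMIT_FSIZE as a constructed stand-in for the 2GB limit; `run_demo`, `log_record` and `open_segment` are hypothetical names, and the thread does not say which mechanism made syslog-ng exit.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

#define CEILING 4096 /* constructed small stand-in for the 2GB ceiling */
/* Open a fresh, already-unlinked output segment in /tmp (demo only). */
static int open_segment(void) {
    char path[] = "/tmp/logdemo-XXXXXX";
    int fd = mkstemp(path);
    if (fd >= 0) unlink(path);
    return fd;
}
/* Write one record; on EFBIG switch to a new segment and write the rest there.
 * (A production rotator would cut on a record boundary before the limit.) */
static int log_record(int *fd, const char *rec, size_t len, int *rotations) {
    while (len > 0) {
        ssize_t n = write(*fd, rec, len);
        if (n > 0) { rec += n; len -= (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno == EFBIG) { /* ceiling reached: rotate, retry */
            close(*fd); (*rotations)++;
            if ((*fd = open_segment()) < 0) return -1;
            continue;
        }
        return -1; /* any other error: report it, do not spin */
    }
    return 0;
}
/* Push `records` 100-byte lines through the ceiling; returns rotations or -1. */
int run_demo(int records) {
    struct rlimit old, lim;
    char rec[100];
    int rotations = 0, rc = 0;
    memset(rec, 'x', sizeof rec - 1); rec[sizeof rec - 1] = '\n';
    if (getrlimit(RLIMIT_FSIZE, &old) != 0) return -1;
    lim = old; lim.rlim_cur = CEILING;
    void (*prev)(int) = signal(SIGXFSZ, SIG_IGN); /* default action kills the process */
    int fd = setrlimit(RLIMIT_FSIZE, &lim) == 0 ? open_segment() : -1;
    if (fd < 0) rc = -1;
    for (int i = 0; rc == 0 && i < records; i++)
        rc = log_record(&fd, rec, sizeof rec, &rotations);
    if (fd >= 0) close(fd);
    setrlimit(RLIMIT_FSIZE, &old); signal(SIGXFSZ, prev); /* restore caller state */
    return rc == 0 ? rotations : -1;
}
```

With SIGXFSZ left at its default action, the first write at the ceiling terminates the process, which is why a collector that does not handle this case silently stops recording until something restarts it.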

    This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 23:18:13 PST