Hello,

Thanks to all who responded to my previous email (High Network Load). Some more research has led me to some more questions ...

TCP Reliability

There has been much discussion on this list and elsewhere about the unreliability of UDP, but how about TCP? Does anyone have any stats regarding which situations will cause a loss of data when using TCP to log remotely? We have a pretty good network here ... reliable, redundant services, etc ... so the main problems I see are from either load on the machines (maintaining TCP connections, SSL/SSH, etc) or network saturation. Has anyone encountered and solved these solutions before whilst still maintaining a central log host setup?

Alternative Methods

I will be looking at using a single central syslog server, as we need to collect data from devices which only know about 'classic' syslog, and cannot log via any other mechanism. We also want to have as much data as possible collected in real-time, so I'll be implementing syslog over TCP as well (encrypted where possible). In addition, some shell/perl scripts will routinely collect logs from remote hosts in the event that data logged over the network got lost (syslog client machines will log both locally and to the central server).

Michael Poon (Re: Central syslog server best practices?, 13/08/01) wrote of a similar configuration ... a little more complex, but the same basic idea. Does anyone have any comments or suggestions in regard to this or similar setups?

Thanks

Phil
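
The post describes clients logging both locally and to the central server, with scripts collecting anything lost on the network. The following is an added example, not part of the original post, of the comparison such a script needs: it reports which lines in a client's local log never reached the central log. It assumes classic BSD syslog lines and a central server that keeps the client's original timestamp and hostname; the function names, host names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Classic BSD syslog layout: "Mmm dd hh:mm:ss host message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

def parse(line):
    """Split a syslog line into (timestamp, host, message), or None."""
    m = LINE_RE.match(line.rstrip("\n"))
    return (m["ts"], m["host"], m["msg"]) if m else None

def find_gaps(local_lines, central_lines, host):
    """Return the local lines that have no matching record on the central host."""
    # Count central records per (timestamp, message) so that repeated
    # identical lines within one second are matched one-for-one.
    seen = Counter()
    for line in central_lines:
        rec = parse(line)
        if rec and rec[1] == host:
            seen[(rec[0], rec[2])] += 1
    missing = []
    for line in local_lines:
        line = line.rstrip("\n")
        if not line:
            continue
        rec = parse(line)
        key = (rec[0], rec[2]) if rec else None
        if key is not None and seen[key] > 0:
            seen[key] -= 1
        else:
            missing.append(line)  # lost in transit, or unparseable and unverifiable
    return missing

# Constructed sample data (not taken from any real host).
LOCAL = [
    "Aug 13 10:00:01 web1 sshd[411]: Accepted password for alice from 192.0.2.10",
    "Aug 13 10:00:07 web1 su: BAD SU alice to root on /dev/ttyp1",
    "Aug 13 10:00:07 web1 su: BAD SU alice to root on /dev/ttyp1",
    "Aug 13 10:00:09 web1 kernel: eth0: link down",
    "Aug 13 10:00:12 web1 kernel: eth0: link up",
]
CENTRAL = [
    "Aug 13 10:00:01 web1 sshd[411]: Accepted password for alice from 192.0.2.10",
    "Aug 13 10:00:07 web1 su: BAD SU alice to root on /dev/ttyp1",
    "Aug 13 10:00:07 db1 su: BAD SU alice to root on /dev/ttyp1",  # other host
    "Aug 13 10:00:12 web1 kernel: eth0: link up",
]

if __name__ == "__main__":
    for line in find_gaps(LOCAL, CENTRAL, "web1"):
        print("MISSING ON CENTRAL:", line)
```

If the central daemon stamps lines with its own receive time instead, the timestamp has to be dropped from the match key, at the cost of weaker matching for repeated messages.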