Interesting. We all "know" syslog/UDP is bad, but no one has ever quantified "how bad". Your example isn't what I saw "in the wild", though. There, the only losses we could really easily verify were router congestion on internal nets causing UDP in general to be dropped, causing gaps in the log files. For that scenario, we could have really, really, used some sequence numbers in the log messages. All the lossage was in the net, not on the hosts (source or sink). Of course, that was a benign environment, not (always) under attack.

--
Tom Perrine - tperrine@private
Sony Computer Entertainment America

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
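Added example, not part of the original message: a collector-side check that uses per-host sequence numbers to quantify the kind of in-network UDP loss described above. It assumes each sender appends its own counter as a `seq=` field, which is a hypothetical convention and not a standard syslog field; the sample lines and the name `find_gaps` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of lines as stored by the collector. rtr1 shows a
# duplicate (102), reordering (106 arrives before 105) and a real gap (103-104).
SAMPLE = """\
Aug 19 14:00:01 rtr1 seq=101 link up on port 3
Aug 19 14:00:02 rtr1 seq=102 neighbor adjacency up
Aug 19 14:00:02 rtr1 seq=102 neighbor adjacency up
Aug 19 14:00:03 web1 seq=7 session opened
Aug 19 14:00:09 rtr1 seq=106 neighbor adjacency down
Aug 19 14:00:08 rtr1 seq=105 link down on port 3
Aug 19 14:00:10 web1 seq=8 session closed
Aug 19 14:00:11 web1 seq=9 session opened
"""

# Assumed layout: "<Mon DD HH:MM:SS> <host> seq=<n> <text>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) seq=(?P<seq>\d+)\b")

def find_gaps(lines):
    """Per host: missing sequence ranges, bracketing timestamps, loss ratio."""
    seen = defaultdict(dict)                  # host -> {seq: first timestamp}
    for line in lines:
        m = LINE_RE.match(line)
        if m:                                 # lines without seq= are skipped
            seen[m["host"]].setdefault(int(m["seq"]), m["ts"])
    report = {}
    for host, seqs in seen.items():
        ordered = sorted(seqs)                # sorting absorbs UDP reordering
        gaps = [(a + 1, b - 1, seqs[a], seqs[b])
                for a, b in zip(ordered, ordered[1:]) if b - a > 1]
        # Loss before the first or after the last received message is
        # invisible here, and a counter reset (reboot) is not handled.
        expected = ordered[-1] - ordered[0] + 1
        report[host] = {"gaps": gaps, "received": len(ordered),
                        "expected": expected,
                        "loss": 1 - len(ordered) / expected}
    return report

if __name__ == "__main__":
    for host, r in sorted(find_gaps(SAMPLE.splitlines()).items()):
        print(host, f"loss={r['loss']:.1%}", r["gaps"])
```

Each reported gap carries the timestamps of the messages on either side of it, which bounds the window in which the network dropped traffic.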