On Mon, Aug 09, 2004 at 08:22:22PM +0000, Bennett Todd wrote:
> appropriate choice. UDP-based syslog doesn't cause writers to block
> when readers go unavailable. It also doesn't allow someone to easily
Too right - great feature.
OTOH, syslog over UDP can totally saturate a WAN pipe (no flow-control) -
whereas the same traffic over a TCP channel would be forced to share it
nicely with other traffic (not that I've ever seen that myself - oh no - not
me... ;-{)
Here, we go with syslog-over-UDP for LAN devices (face it - what alternative
is there? What other logging protocol supports Unix, Windows [3rd party],
routers, printers, switches, etc), and use syslog over TCP exclusively over
the WANs.
syslog-ng rulz :-)
> Now what's _broken_ about syslog is the idiot timestamp format. That
> is so losing.
Yup. Another feature that's great about syslog-ng - you can change the
timestamp to be - well - not idiotic. Unfortunately it then breaks parsers
galore - but your logs are well timestamped.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Mon Aug 09 2004 - 18:51:35 PDT