On Tue, May 18, 1999 at 04:54:25PM +0200, Henrik Bergstrom wrote:
> What is the most common method used by "standalone" firewalls to generate
> log files? (With "standalone" I mean firewalls which have no local
> secondary storage, e.g. harddisk.)
>
It's a matter of load. If your firewall has no writable harddisk, then
you'll need to disable all of Squid's logfiles - a horrendous thing to do.
I'm using Squid in a firewall'ed environment - but the host it's running on
has it's root partition on a CD (i.e. read-only) - but Squid runs chrooted
on /var (a writable HDD). I _want_ access.log/etc for stats/etc - so I must
have a disk. Depending on the size of the user population, you may be able
to get away with writing to a remote fileserver - but that normally means
NFS - which no-one should trust in a firewalled area!
The same thing applies to all other logging. You could use syslog to log
over the network to an internal syslog server - but then you've just moved
the problem - not removed it.
Put in a HDD and focus on protecting it...
--
Cheers
Jason Haar
Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
