Edmundo Lopez III wrote:
>
> The standard answer will always be - "it depends". I would get a syslog
> daemon (if you can't find a free one I'll send you one) and point the
> PIX syslog to it. If you don't get several hundred messages per minute,
> then you're ok. Otherwise, you know to do less intensive monitoring
> (unless the information received was exactly what you were looking for)
> or get a syslog server that can handle all the input.

Most any unix-based syslog server can handle hundreds of syslog messages per second, on whatever crappy hardware you're able to dig up, _IF_ the syslog daemon has a flag to disable automatic flushing of the output file.

I'll tell you about a syslog server on a pentium-200 that handled about 1 gigabyte of firewall log output per day. This is just over one hundred log messages per second, on average. This box ran at 80-90% CPU load constantly. Very bad juju. But when "forced output flushing" was turned off (I don't remember the exact switch name), it went down to about 5% CPU.

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
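
An added example, not part of the original post or of any syslog daemon's code: a small Python comparison of the sync policies discussed above. It assumes "forced output flushing" means an fsync() after every message; the function names, file names and the sample log line are constructed for illustration.

```python
import os
import tempfile
import time

# Constructed sample line in the style of a firewall syslog message (not from the post).
SAMPLE = b"<134>Jan  1 00:00:00 fw1 firewall: permit tcp 192.0.2.10 -> 198.51.100.7 (constructed)\n"


def write_log(path, lines, sync_every):
    """Append lines to path, calling fsync after every `sync_every` lines.

    sync_every=1 models per-message forced flushing; 0 means no forced sync
    while writing. Returns (fsync_calls, elapsed_seconds).
    """
    syncs = 0
    start = time.perf_counter()
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    try:
        for i, line in enumerate(lines, 1):
            os.write(fd, line)
            if sync_every and i % sync_every == 0:
                os.fsync(fd)  # force the data to stable storage
                syncs += 1
        os.fsync(fd)  # one final sync so every mode ends with data on disk
        syncs += 1
    finally:
        os.close(fd)
    return syncs, time.perf_counter() - start


def compare(n=2000):
    """Write the same n messages under three sync policies and report the cost."""
    lines = [SAMPLE] * n
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, every in (("sync-per-message", 1), ("sync-per-100", 100), ("no-forced-sync", 0)):
            path = os.path.join(d, name + ".log")
            syncs, secs = write_log(path, lines, every)
            results[name] = {"fsyncs": syncs, "seconds": secs, "bytes": os.path.getsize(path)}
    return results


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:18} fsyncs={r['fsyncs']:5} bytes={r['bytes']} time={r['seconds']:.3f}s")
```

All three policies write identical bytes; only the number of forced syncs differs, and the timing gap depends on the disk and filesystem. With per-message sync disabled, messages still held in the OS cache can be lost if the log host crashes or loses power, which matters when the log is the firewall's audit trail.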
