Hi Mikael,

## On 2002-04-27 12:39 +0200 Mikael Olsson typed:

MO>
MO> Edmundo Lopez III wrote:
MO> >
MO> > The standard answer will always be - "it depends". I would get a syslog
MO> > daemon (if you can't find a free one I'll send you one) and point the
MO> > PIX syslog to it. If you don't get several hundred messages per minute,
MO> > then you're ok. Otherwise, you know to do less intensive monitoring
MO> > (unless the information received was exactly what you were looking for)
MO> > or get a syslog server that can handle all the input.
MO>
MO> Most any unix-based syslog server can handle hundreds of syslog
MO> messages per second, on whatever crappy hardware you're able
MO> to dig up, _IF_ the syslog daemon has a flag to disable automatic
MO> flushing of the output file.

 On Linux that would be prepending a minus ( "-" ) to the
filename in syslog.conf

MO>
MO> I'll tell you about a syslog server on a pentium-200 that handled about
MO> 1 gigabyte of firewall log output per day. This is just over one hundred
MO> log messages per second, on an average. This box ran at 80-90% CPU
MO> load constantly. Very bad juju. But when "forced output flushing" was
MO> turned off (I don't remember the exact switch name), it went down to
MO> about 5% CPU.
MO>

 I assume you're speaking of a Linux syslog server ?

 Wouldn't you agree that benchmarking the effect on Disk I/O is at least
as relevant as the effect on the CPU ?

MO>
MO>

-- 
Regards
        Rafi

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
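
The following is an added example, not part of the original thread: a small Python benchmark of the setting discussed above, appending the same log lines once with an fsync after every line (a plain file target in syslog.conf) and once without (a target prefixed with "-"). It reports both wall-clock and CPU time; the sample line, function names and message count are assumptions made for the illustration.

```python
import os
import tempfile
import time

# Constructed sample line in the style of a firewall syslog message (not from the thread).
SAMPLE = b"<134>Apr 27 12:39:00 fw1 constructed: deny tcp src 192.0.2.10:4312 dst 198.51.100.7:80\n"


def write_log(path, count, sync_each):
    """Append `count` lines to `path`; fsync after every line when sync_each is True.

    Returns (wall_seconds, cpu_seconds) consumed by this process while writing.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    t0 = os.times()
    w0 = time.perf_counter()
    try:
        for _ in range(count):
            os.write(fd, SAMPLE)
            if sync_each:
                # Forced flush per message: the behaviour of a "/var/log/x" target.
                # A "-/var/log/x" target skips this call.
                os.fsync(fd)
        wall = time.perf_counter() - w0
        t1 = os.times()
    finally:
        os.close(fd)
    cpu = (t1.user - t0.user) + (t1.system - t0.system)
    return wall, cpu


def compare(count=2000):
    """Run both modes in a temporary directory; return timings and file sizes per mode."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, sync_each in (("synced", True), ("unsynced", False)):
            path = os.path.join(d, name + ".log")
            wall, cpu = write_log(path, count, sync_each)
            results[name] = {"wall": wall, "cpu": cpu,
                             "bytes": os.path.getsize(path)}
    return results


if __name__ == "__main__":
    for mode, r in compare().items():
        print(f"{mode:9s} wall={r['wall']:.3f}s cpu={r['cpu']:.3f}s bytes={r['bytes']}")
```

The temporary directory follows TMPDIR; set it to a disk-backed filesystem before running, since on a memory-backed /tmp the fsync calls cost almost nothing and the two modes look alike.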
