On Sun, 28 Apr 2002, Mikael Olsson wrote: :> I read that as the default being flushing after every packet ... :-( : :Yes, the default in the good old plain syslogd is flushing the output :stream after every packet written. For any serious firewalling, I :think that this blows. : :Yes, the argument FOR flushing after every packet is "but if the log :server crashes, you'll lose the last couple of packets". I think this :is a bogus argument. If the server crashes, you'll lose MANY packets.
For critical stuff like security gateway logs, etc. I tend to log to multiple log hosts. IOS and PIX do allow this. Also PIX can do TCP logging to their PFSS (PIX firewall syslog server). I haven't used this. Perhaps syslog-ng can be a TCP log receiver in this mode, I'm not sure? _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
