* Les Mikesell <[EMAIL PROTECTED]> > What happens to a server if it is logging via tcp and the syslog-ng > receiving it can't keep up writing to disk? In the past I've seen > local unix socket connections kill named and sendmail when syslog > couldn't keep up - and of course there was no log about why... The > server in question was also collecting remote logs from several cisco > routers around the time of the first Code Red virus but still, given a > choice between killing a server and dropping a syslog message, I'd > prefer to drop the message.
Bandwidth throttle incoming data such that no one host can overrun the disk, or for yakky systems where the logs tend to repeat, keep them on UDP. syslog-ng does do some degree of buffering, though I have not stress tested it. Another option would be to keep the loghost on a different system than what is running named/sendmail... For more about logging issues, perhaps see the LogAnalysis mailing list: http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
