In some email I received from Bennett Todd, sie wrote: > > While the focus of this design effort is on security, my biggest concern > is performance --- and it bears on security. Immutable logging protocols are > cool, and if they can be delivered with adequate performance that's utterly > spiffy, but my biggest single gripe with the current syslog implementation is > its overload behavior of dropping messages. The latter problem is implementation specific, I believe. Of the various implementations I've looked at, Solaris's is the best in terms of not dropping messages. The reason for this is simple - they have separated the receiving and recording of messages into separate threads, so when a thread gets hung in disk-wait, writing to the log file, it doesn't impact on the receiving of messages from the UDP port, which are just queued up for the file. That's next for nsyslogd (it currently tries to do clever things with fsync(), but that's not very well tested yet). Darren
