Ulogd

Ulogd

[darkstar]

Quick question, I use ulog for all logging and would like to start
logging to a MySQL database.
I want to log to a database on another server. Would it be better
(traffic wise) to log directly to the database or to rather import a log
file at the end of the day into the database..???

Thanks
Paulo

Re: Ulogd

[Antony Stone]

On Monday 07 October 2002 8:15 am, darkstar wrote:

> Quick question, I use ulog for all logging and would like to start
> logging to a MySQL database.
> I want to log to a database on another server. Would it be better
> (traffic wise) to log directly to the database or to rather import a log
> file at the end of the day into the database..???

I'd say it depends on two things, maybe three:

1. How steady is the traffic on the link between your servers, and does it 
saturate ?   If you have spare capacity most of the time, there's no harm in 
sending the logs continuously.   If it saturates, then you would generate 
most log entries when there's most traffic, making the problem worse, so best 
to batch it up for a quiet period in the moddle of the night...

2. What do you want to do with the logs on the database ?   If you have no 
interest in processing them as they come in, there's no need to get them 
"live", so a batch upload might be best.   If your database will be used for 
live traffic analyses and you want to see what's come inn in the past 5 
minutes, you need a continuous update.

3. If you get some serious problem and your firewall gets compromised, 
crashes, bursts into flames etc., how bothered are you about losing the 
current day's logs ?   If you don't care, then a batch upload is okay; if you 
want to see what happened just before the disaster, you need to send to the 
database server continuously.

Hope this helps,

Antony.

-- 

This is not a rehearsal.
This is Real Life.

ULOGD

[zze-KHOURY Jad FTRD/DMI/CAE]

Hi,
I want to use the ULOG target instead of LOG target on my firewall rules
so I have to download the ULOGD Deamon. I found the ulogd for a linux
mandrake but I need it for a RedHat V.9.
Any help!!
Best regards
jad

Re: ULOGD

[Sven Schuster]

[-- Attachment #1: Type: text/plain, Size: 670 bytes --]


Hi Jad,

On Fri, May 07, 2004 at 11:52:32AM +0200, zze-KHOURY Jad FTRD/DMI/CAE told us:
> Hi,
> I want to use the ULOG target instead of LOG target on my firewall rules
> so I have to download the ULOGD Deamon. I found the ulogd for a linux
> mandrake but I need it for a RedHat V.9.

Two choices:
1. compile it from source
2. look at rpmsearch.com/freshrpms/insert your favorite rpm search
   engine if you can find rpm packages for redhat 9

HTH

Sven

> Any help!!
> Best regards
> jad

-- 
Linux zion 2.6.6-rc1 #1 Sat Apr 17 11:50:12 CEST 2004 i686 athlon i386 GNU/Linux
 12:33:15  up 1 day, 12:28,  1 user,  load average: 0.00, 0.00, 0.00

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]