Re: Iptables logs on High bandwidth traffic network

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mogens Valentin <monz@danbbs.dk>
To: netfilter@lists.netfilter.org
Cc: "Taylor, Grant" <gtaylor@riverviewtech.net>
Subject: Re: Iptables logs on High bandwidth traffic network
Date: Thu, 05 May 2005 00:40:39 +0200	[thread overview]
Message-ID: <42794F67.7060803@danbbs.dk> (raw)
In-Reply-To: <4278F150.4000806@riverviewtech.net>

Taylor, Grant wrote:
>> Hi all,
>>         I am planning to implement iptables log feature on a server
>> machine(Dual xeon processor,Intel e100 cards,80GB SCSI and 2GB RAM)
>> which is running in bridge mode (On RH 7.3).The average traffic on this
>> machine is vary from 40-60Mbps.Hence I require some suggestion for some
>> my questions like,
>>
 > The reason that
> LOG is not meant for high volume logging is that it relies on SysLog to 
> log it's data which in and of it's self is not meant for high volume 
> longing.  SysLog will quite often become disk bound if you try to log 
> such high volumes to it and thus the system will sort of flounder...

How about using a fifo (man mkfifo and man syslog) and let syslog pipe 
to that fifo. Some program can then read from the fifo, parse data, and 
maybe use a database for storing the parsed, now more limited, data.
Might be a good ide to have the database on another system :-

-- 
Kind regards,
Mogens Valentin

next prev parent reply	other threads:[~2005-05-04 22:40 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-05-04 12:45 Iptables logs on High bandwidth traffic network bharathi
2005-05-04 15:59 ` Taylor, Grant
2005-05-04 22:40   ` Mogens Valentin [this message]
2005-05-04 23:13     ` Taylor, Grant
2005-05-05  6:59       ` Jozsef Kadlecsik
2005-05-05  7:24         ` Taylor, Grant
2005-05-05  8:15           ` Jozsef Kadlecsik
2005-05-05 11:24             ` Mogens Valentin
2005-05-05 11:59               ` Jozsef Kadlecsik
2005-05-05  9:37         ` Mogens Valentin
2005-05-05 10:07           ` Jozsef Kadlecsik
2005-05-04 16:39 ` Jason Opperisano
2005-05-04 17:18 ` Steven M Campbell
2005-05-04 20:37 ` Jozsef Kadlecsik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42794F67.7060803@danbbs.dk \
    --to=monz@danbbs.dk \
    --cc=gtaylor@riverviewtech.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.