Re: Log files, how to rotate properly
| От | Lamar Owen |
|---|---|
| Тема | Re: Log files, how to rotate properly |
| Дата | |
| Msg-id | 01061410303300.00942@lowen.wgcr.org обсуждение исходный текст |
| Ответ на | Re: Log files, how to rotate properly ("Dominic J. Eidson" <sauron@the-infinite.org>) |
| Список | pgsql-general |
On Wednesday 13 June 2001 17:45, Dominic J. Eidson wrote: > On Wed, 13 Jun 2001, Lamar Owen wrote: > > I have yet to see a 'lost' syslog message here, in over three years. > I've actually seen lost and partial/mangled messages come out of syslog - > during a 7Mbit/second DDoS that was being logged due to ipchains ... -l. Well, I guess my slow 1.544Mbps T1 isn't fast enough to cause my PIII-600 to croak under the load of 24x7 service. And I've seen the DDoS attacks as well -- which is one reason the packet filter logs from the cisco 2514 go to a dedicated host (that cannot be reached from the outside, thanks to NAT) that is also running snort. > Not that this happens _too_ often - we're talking 58k lines of log in a > very short amount of time. > (I agree with Lamar - it's just a "I've seen it happen" :) Well, I've also seen PostgreSQL 'lose' 15k tuples during a vacuum before (6.3.2 -- 7.0 apparently fixed the problem). Judicious placement of the logging hosts can prevent this lossage -- IOW, don't put all your eggs in one basket. Which is why my snort machine handles the heavy traffic logs -- it has a 27GB drive in it and does nothing else. And systems capable of doing that are not expensive -- I saw a P5 150 system on computersurplusoutlet.com for $39 US. I've seen alot of oddball things -- including a tape deck running by itself when not plugged in (in a 1000V/m RF field) -- but I've yet to see a dropped syslog message -- not that it can't or won't happen, but that it is unlikely. The suggestion to use DJB's multilog (by another poster) is a relatively good one -- but I am very wary of DJ's license -- when he's gone,the user of his software will be just plain stuck. I'd like to see the potential problems with syslog fixed, rather than another solution entirely. This is, after all, open source we're talking about, where a body can jump in to a project and help out any time one wishes :-). But make sure you block the UDP port syslog uses from coming in from the outside..... -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
В списке pgsql-general по дате отправления: