LogAnalysis
[logs] naming multiple output files with syslog-ng Dec 17 2007 02:20PM
Christian Folini (christian folini post ch) (2 replies)
RE: [logs] naming multiple output files with syslog-ng Dec 20 2007 03:55PM
Jan Monsch (jan monsch csnc ch) (1 replies)
RE: [logs] naming multiple output files with syslog-ng Dec 20 2007 04:25PM
Marcus J. Ranum (mjr ranum com) (3 replies)
Re: [logs] naming multiple output files with syslog-ng Dec 27 2007 01:14AM
Mordechai T. Abzug (morty frakir org) (1 replies)
On Thu, Dec 20, 2007 at 11:25:37AM -0500, Marcus J. Ranum wrote:

> Administrators consistently blow logging off because "it'll slow
> things down." To which the correct response is always, "Really? When
> you measured it, how significant was the impact?"

We used to have some Cisco 7500 routers which did a fair amount of
logging of packet-level events (i.e. denies). Over the years in this
configuration, CPU utilization gradually increased. At one point, CPU
hit 100%, and we started having high packet loss. One of the network
guys tried turning off logging. CPU immediately dropped to about 3%,
and performance steadied. We did some checking to see if there was a
looping problem (i.e. logging all logged packets) and there wasn't.
Logging was just a more CPU-intensive activity on that architecture,
and the gradual increase in denied traffic had finally overwhelmed it.

Yes, this is now-old Cisco hardware, running a now-old version of IOS.
At the time, though, the hardware was relatively modern.

[Not bothering to CC: the OP, since this has nothing to do with the
OP.]

- Morty
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org
http://www.loganalysis.org/mailman/listinfo/loganalysis

Re: [logs] naming multiple output files with syslog-ng Jan 01 2008 01:05PM
Chris Brenton (cbrenton chrisbrenton org)
RE: [logs] naming multiple output files with syslog-ng Dec 20 2007 06:22PM
Paul Melson (pmelson gmail com) (1 replies)
Re: [logs] naming multiple output files with syslog-ng Dec 21 2007 06:55AM
Christian Folini (christian folini post ch) (2 replies)
Re: [logs] naming multiple output files with syslog-ng Dec 21 2007 04:16PM
Chris Wee (chris wee loglogic com) (1 replies)
Re: [logs] naming multiple output files with syslog-ng Dec 24 2007 10:49AM
Christian Folini (christian folini post ch)
RE: [logs] naming multiple output files with syslog-ng Dec 21 2007 10:19AM
Jan Monsch (jan monsch csnc ch) (1 replies)
RE: [logs] naming multiple output files with syslog-ng Dec 23 2007 08:06PM
Marcus J. Ranum (mjr ranum com)
Re: [logs] naming multiple output files with syslog-ng Dec 20 2007 05:23PM
Bill Burge (bill burge com)
Re: [logs] naming multiple output files with syslog-ng Dec 18 2007 06:22AM
Tom Le (dottom gmail com)