Re: Appropriate PIX logging level

["Marcus J. Ranum" <mjr () ranum com>]

ArkanoiD wrote:
> Well, does that mean that syslog should be either not reliable (generic 
> datagram), not portable enough (sdsc), buggy (nsyslogd) or suffering
> performance problems (ng) ;-)?

No, it should have not sucked to begin with. The original version
was a sloppy hack, even its author says so.

BEEP was braindamaged to begin with; basically someone had a
summer project that resulted in a communications layer, and
they wandered around until they found something they could
hammer it into. "Wow! Cool! Syslog! Yeah, we could use BEEP
for that!" Except, of course, they ended up using a backhoe, not
a hammer.  Someone run and stuff its CVS repository with garlic
and hammer a stake through its heart, lest it rise from the grave,
undead and vengeful... Requiscat in pace, sdsc-syslog.

The problem with a syslog for today is actually simplified. With
the omnipresence of TLS/rsync/ssh there is relatively little need
to put all the fancy gum right into the syslog server itself.
Something like minirsyslog for reliable local collection + rsync 
for reliable remote transport, and awk/rrdtool for analysis
and you're pretty much there.

It's not that we need another syslogd; we need a massive
overhaul of the whole concept, in which most of what we are
currently using gets deprecated and replaced with
something much simpler.

Of course the current trend is not to simplify - why simplify
when you can wrap layers of indirection around complexity
to hide it? Well, it may be a house of cards but at least it's
large!

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards