Firewall Wizards mailing list archives
Re: syslog and network management
From: david () lang hm
Date: Thu, 21 Feb 2008 17:19:58 -0800 (PST)
On Wed, 20 Feb 2008, Darden, Patrick S. wrote:
3. Performance-wise, is there anything special needed? Not really. It depends on the size of the network, number of devices, how much detail you are recording, etc. What you describe is a good basis for starting. Probably the three best things you could do would be: dual core cpu (any decent GHz), a great NIC (or two, lots of udp bursts from syslog), and lots of storage (you would want to keep at least 1 year in local drive space).
If you end up doing much searching through your logs you can end up eating a LOT more CPU than you imagine, especially as you correlate things and end up searching for more related items at a time.
I've also found that it's faster to gzip the logs as you rotate them and search through the compressed logs than to search through the same volume of logs uncompressed.
What I do on my very busy servers is to put one high-rpm SCSI drive and one (or more) large SATA drives in the box. I have syslog write to the SCSI drive and then when I rotate the logs I save them to the slow, but cheap SATA drive.
David Lang
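
The rotate-to-cheap-disk and search-compressed-logs practice described in the message above, as an added example that is not part of the original post. The function names, directory layout, date stamp and log lines are constructed for illustration, and the step that tells the syslog daemon to reopen its file is left as a comment because it depends on the daemon.

```shell
#!/bin/sh
# Added example: names, paths and log lines below are constructed, not from the post.

# Rotate the live log on the fast disk into ARCHIVE_DIR (the cheap disk) as gzip.
rotate_to_archive() {
    live=$1 archive_dir=$2 stamp=$3
    [ -s "$live" ] || return 0                 # empty or missing: nothing to rotate
    rotated="$live.$stamp"
    mv "$live" "$rotated"                      # rename on the fast disk is cheap
    : > "$live"                                # fresh live file for the daemon
    # (assumption: signal the syslog daemon to reopen its log file here)
    out="$archive_dir/$(basename "$rotated").gz"
    gzip -c "$rotated" > "$out.tmp"            # compress straight onto the archive disk
    # Verify the archive before deleting the only uncompressed copy.
    gzip -t < "$out.tmp" || { rm -f "$out.tmp"; return 1; }
    mv "$out.tmp" "$out"
    rm -f "$rotated"
    printf '%s\n' "$out"
}

# Search all compressed logs for PATTERN (extended regex) without unpacking to disk.
# Several related items can be matched in one pass with alternation: 'a|b'.
search_archive() {
    pattern=$1 archive_dir=$2
    for f in "$archive_dir"/*.gz; do
        [ -e "$f" ] || continue                # no archives yet
        gzip -dc "$f" | grep -E -- "$pattern" | sed "s|^|$(basename "$f"):|"
    done
}

# Constructed demo: two directories stand in for the fast and the cheap disk.
demo() {
    work=$(mktemp -d)
    mkdir "$work/fast" "$work/archive"
    cat > "$work/fast/messages" <<'EOF'
Feb 21 17:01:02 fw1 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 DPT=22
Feb 21 17:01:09 fw1 sshd[411]: Failed password for root from 192.0.2.10
Feb 21 17:02:30 fw1 kernel: ACCEPT IN=eth1 SRC=198.51.100.7 DST=203.0.113.9 DPT=443
EOF
    rotate_to_archive "$work/fast/messages" "$work/archive" 20080221 >/dev/null
    search_archive '192\.0\.2\.10|DPT=443' "$work/archive"
    rm -rf "$work"
}
demo
```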