[Mimedefang] potential stock syslogd caveats
Les Mikesell
les at futuresource.com
Mon Mar 1 12:54:46 EST 2004
On Mon, 2004-03-01 at 11:24, Jeremy Mates wrote:
> Currently I replace the default syslog daemon with syslog-ng if
> possible, which allows logging over TCP (no lost UDP logs: good for
> logging from a limited number of core servers, as opposed to lots of
> clients), and other benefits such as built-in logfile rotation (no
> stupid conveyer belt of logfiles and syslogd restarting) and logging of
> the facility and priority.
What happens to a server if it is logging via TCP and the syslog-ng
receiving it can't keep up writing to disk? In the past I've seen
local Unix socket connections kill named and sendmail when syslog
couldn't keep up - and of course there was no log about why...
The server in question was also collecting remote logs from several
Cisco routers around the time of the first Code Red virus but
still, given a choice between killing a server and dropping a
syslog message, I'd prefer to drop the message.
---
Les Mikesell
les at futuresource.com
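
The trade-off raised in the message above (drop a log message rather than stall the daemon when the receiver cannot keep up), sketched as an added example that is not part of the original post or of syslog-ng. It assumes a Unix datagram socketpair standing in for the local log socket; `DroppingLogSender` and `simulate_stalled_receiver` are hypothetical names, and the log lines are constructed samples.

```python
import errno
import socket

FULL = (errno.EAGAIN, errno.EWOULDBLOCK, errno.ENOBUFS)  # "receiver queue full"

class DroppingLogSender:
    """Hypothetical sender: never blocks the daemon, counts what it drops."""
    def __init__(self, sock):
        self.sock = sock
        self.sock.setblocking(False)  # a blocking send here is what stalls the daemon
        self.sent = 0
        self.dropped = 0

    def _try_send(self, line):
        try:
            self.sock.send(line.encode("utf-8", "replace"))
            return True
        except OSError as exc:
            if exc.errno in FULL:
                return False
            raise

    def log(self, line):
        ok = self._try_send(line)
        self.sent += ok
        self.dropped += not ok
        return ok

    def report_drops(self):
        """Once the receiver drains, leave a record that messages were lost."""
        if self.dropped and self._try_send(
                f"<44>logsender: {self.dropped} messages dropped"):
            self.dropped = 0
            return True
        return False

def simulate_stalled_receiver(n=5000):
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    sender = DroppingLogSender(tx)
    for i in range(n):  # rx is never read during the burst: it "can't keep up"
        sender.log(f"<30>named[123]: constructed sample message {i}")
    sent, dropped = sender.sent, sender.dropped
    rx.setblocking(False)
    for _ in range(sent):  # receiver recovers and drains its queue
        rx.recv(4096)
    reported = sender.report_drops()
    notice = rx.recv(4096).decode()
    rx.close(); tx.close()
    return sent, dropped, reported, notice
```

The drop notice addresses the "no log about why" problem: the loss itself becomes a log entry as soon as the receiver accepts messages again.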