On Tue, Jun 21, 2016 at 10:47 AM, Gregory Edigarov <ediga...@qarea.com> wrote: > well, but why not just settup syslogd to fan logs out to some other server?
the reason I don't do that is because the sites where I have such firewalls deployed don't have any other servers. I don't want to ship logs over VPN links because those links are not particularly fast. at my 'main' site the firewall is a bigger box with a bigger disk and I don't use MFS for /var/log there. if I were doing so I would certainly consider having syslogd forward logs elsewhere because in general it's a good practice. -ken