draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-01 Thread David W. Hankins
On Thu, Feb 01, 2007 at 08:09:29AM -0500, Sam Hartman wrote: > > "Mark" == Mark Andrews <[EMAIL PROTECTED]> writes: > >> - 'The syslog Protocol ' as > >> a Proposed Standard > > Mark> draft-ietf-syslog-protocol-19.txt recommends using a > Mark> reliable protocol. Existing

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-01 Thread David W. Hankins
On Thu, Feb 01, 2007 at 10:08:39AM -0800, David W. Hankins wrote: > If you have 50,000 syslog lines to put out, and only enough > network/disk/something bandwidth for 5,000 within the same time > frame, that's a problem. s/5,000/49,999/ Apologies for the clerical error. -- David W. Hankins

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-01 Thread Pekka Savola
On Thu, 1 Feb 2007, David W. Hankins wrote: If you insist on keeping all 50,000 lines of output, there is no solution to that problem. If you block, that's a big problem as it ultimately totally disables the service attempting to log information. If you write to a growing backing store, well yo

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-01 Thread David W. Hankins
On Thu, Feb 01, 2007 at 10:30:17PM +0200, Pekka Savola wrote: > It's acceptable for the syslog sender to replace overflowing lines of > syslog (if some messages need to be dropped due to lack of resources) > with a message about rate-limiting, messages being dropped, or > whatever -- just the sa

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-01 Thread Stephane Bortzmeyer
On Thu, Feb 01, 2007 at 10:08:39AM -0800, David W. Hankins <[EMAIL PROTECTED]> wrote a message of 98 lines which said: > If you block, that's a big problem as it ultimately totally disables > the service attempting to log information. Whether it is a bug or a feature depends on your requirements

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-02 Thread Eliot Lear
I'd have to agree with Pekka. We've just gone through this with ATIS and "reliable" accounting, which is quite a bit messier than this problem. So long as the log indicates that something bad has happened, it seems to me that you're covered. Of course, with reliability comes some amount of c

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-02 Thread David W. Hankins
On Fri, Feb 02, 2007 at 08:31:49AM +0100, Stephane Bortzmeyer wrote: > Whether it is a bug or a feature depends on your requirements. On some > high-security environments, people prefer to suspend the service > rather than not being able to log it. (Otherwise, an attacker could > easily attempt many

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-04 Thread Harald Tveit Alvestrand
Daring to rush in without having read the documents it seems to me that somewhere one needs a NOTE, something along the lines of: NOTE: In some situations, for instance when a destination disk is full or damaged, a syslog facility may be unable to process all messages, despite the messag

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-05 Thread Stephane Bortzmeyer
On Fri, Feb 02, 2007 at 09:59:45AM -0800, David W. Hankins <[EMAIL PROTECTED]> wrote a message of 60 lines which said: > I'd just like to point out that you're choosing one bug over > another. Not at all (a disk which is full is *not* a bug). I simply want to emphasize that security is ALWAYS

Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."

2007-02-05 Thread Tom.Petch
Tom Petch - Original Message - From: "Harald Tveit Alvestrand" <[EMAIL PROTECTED]> To: "David W. Hankins" <[EMAIL PROTECTED]>; Sent: Sunday, February 04, 2007 9:43 PM Subject: Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful."