[leaf-user] How do you archive shorewall logs

2016-01-19 Thread Sven Kirmess
What's the recommended way to store the shorewall logs in a way that survives a reboot? I assume mounting a USB stick to store them on it would wear the stick out within months. And external USB disks aren't made for 24/7 operation. rsyslog has RELP to reliably transfer syslog messages to a remot

Re: [leaf-user] How do you archive shorewall logs

2016-01-19 Thread Erich Titl
Hi Sven On 19.01.2016 at 20:41, Sven Kirmess wrote: > What's the recommended way to store the shorewall logs in a way that > survives a reboot? None :-( > > I assume mounting a USB stick to store them on it would wear the stick out > within months. And external USB disks aren't made for 24/7 o

Re: [leaf-user] How do you archive shorewall logs

2016-01-20 Thread Sven Kirmess
On Tue, Jan 19, 2016 at 11:03 PM, Erich Titl wrote: > > > rsyslog has RELP to reliably transfer syslog messages to a remote server, > > but Bering-uClibc uses syslog-ng. If I understood it correctly syslog-ng > > has RLTP as a reliable protocol, but only in the commercial version. > > Why do you

Re: [leaf-user] How do you archive shorewall logs

2016-01-20 Thread Erich Titl
Hi Sven On 20.01.2016 at 18:32, Sven Kirmess wrote: > On Tue, Jan 19, 2016 at 11:03 PM, Erich Titl wrote: > >> >>> rsyslog has RELP to reliably transfer syslog messages to a remote server, >>> but Bering-uClibc uses syslog-ng. If I understood it correctly syslog-ng >>> has RLTP as a reliable pr

Re: [leaf-user] How do you archive shorewall logs

2016-01-20 Thread Sven Kirmess
On Wed, Jan 20, 2016 at 6:51 PM, Erich Titl wrote: > > I see, you want reliable central logging not archiving logs. > I'm looking for a solution to preserve the log files when my firewall reboots. I'm planning to use my APU2B4, with only a USB stick for storage. I can now either add storage to t

Re: [leaf-user] How do you archive shorewall logs

2016-01-20 Thread Erich Titl
Hi Sven On 20.01.2016 at 21:34, Sven Kirmess wrote: > On Wed, Jan 20, 2016 at 6:51 PM, Erich Titl wrote: > >> >> I see, you want reliable central logging not archiving logs. >> > > I'm looking for a solution to preserve the log files when my firewall > reboots. I'm planning to use my APU2B4, w

Re: [leaf-user] How do you archive shorewall logs

2016-01-20 Thread Dillabough, Dave
A typical solution to extend flash life is to buffer to a RAM disk and write periodically to your flash storage. You should also flush to flash on shutdown. If you are that concerned with the integrity of the log data your system should also be on a UPS. Dave Dillabough > On Jan 20, 2016, at

Re: [leaf-user] How do you archive shorewall logs

2016-01-25 Thread Sven Kirmess
Bering-uClibc logs the netfilter logs through ulogd and not syslog. According to the change log that was changed by Shorewall some time ago and there was probably a reason for it. Trying to funnel it again through rsyslog is probably not the best idea. ulogd can be configured to only log after 4k

Re: [leaf-user] How do you archive shorewall logs

2016-01-25 Thread Erich Titl
Hi Sven On 25.01.2016 at 21:12, Sven Kirmess wrote: ...> > On Wed, Jan 20, 2016 at 11:37 PM, Erich Titl wrote: > >> >> Why not add a ssd for logs? >> > > I think that's the best solution. There are 30 GB mSATA SSDs that cost > about €20 and are specified for 3 drive writes per day during their

Re: [leaf-user] How do you archive shorewall logs

2016-01-26 Thread Sven Kirmess
On Tue, Jan 26, 2016 at 8:49 AM, Erich Titl wrote: > On 25.01.2016 at 21:12, Sven Kirmess wrote: > > > > > Would you mind to tell us where to find it for that price? > CHF 28.- CHF 28.

Re: [leaf-user] How do you archive shorewall logs

2016-01-26 Thread Andrew
You can look on ebay, or on Chinese aliexpress. Low-capacity SSDs are cheap enough. One thing - be careful about SSD controller and memory type. Sandforce may not always work OK for a long time. And TLC memory is slightly worse than MLC. On 26.01.2016 09:49, Erich Titl wrote: > Hi Sven > > Am 25.

Re: [leaf-user] How do you archive shorewall logs

2016-01-26 Thread Erich Titl
On 26.01.2016 at 09:50, Andrew wrote: > You can look on ebay, or on Chinese aliexpress. Low-capacity SSDs are > cheap enough. > > One thing - be careful about SSD controller and memory type. Sandforce > may not always work OK for a long time. And TLC memory is slightly worse > than MLC. We sh

Re: [leaf-user] How do you archive shorewall logs

2016-01-26 Thread Andrew
IMHO SLC is overkill for logging - they are rare and there's no big amount of data logged. And IMHO even usual USB flash stick will be OK. In any case, this isn't a mission-critical info that is stored on it. Usual MLC when used as flashcache device on heavy loaded DB server works OK near 1 year - wi

Re: [leaf-user] How do you archive shorewall logs

2016-01-26 Thread Bob von Knobloch
On 25/01/16 21:12, Sven Kirmess wrote: > ulogd can be configured to only log after 4k data is collected (but then it > flushes the whole buffer, not only 4k). And it can even write 2 log files > concurrently. One to the ram disk without delay and one to a flash media > with delay. But I think that'

Re: [leaf-user] How do you archive shorewall logs

2016-02-07 Thread Sven Kirmess
My current netfilter firewall produces about 80'000 lines of log per day. The most common line length is between 192 and 297 chars. The Kingston SSD reports 512 byte logical and physical sector size to smartctl. > === START OF INFORMATION SECTION === > Device Model: KINGSTON SMS200S330G > Seri

Re: [leaf-user] How do you archive shorewall logs

2016-02-07 Thread Andrew
SSD's page size is usually hundreds of KBs. IMHO f2fs will be good choice. On 07.02.2016 17:24, Sven Kirmess wrote: > My current netfilter firewall produces about 80'000 lines of log per day. > The most common line length is between 192 and 297 chars > > The Kingston SSD reports 512 byte logical and

Re: [leaf-user] How do you archive shorewall logs

2016-02-08 Thread Erich Titl
Hi Sven On 07.02.2016 at 16:24, Sven Kirmess wrote: > My current netfilter firewall produces about 80'000 lines of log per day. Don't you think that is a bit overdoing it? I would not call this a firewall but a sniffer, as you probably log every connection attempt. cheers ET

Re: [leaf-user] How do you archive shorewall logs

2016-02-08 Thread Thomas Nail
From the sound of it, it seems that the default UDP or TCP remote logging feature in syslog-ng is not acceptable. I don't recall if there was a reason stated for this, but these protocols generally do a very good job at getting logs off of the firewall and onto something more able to analyze, se

Re: [leaf-user] How do you archive shorewall logs

2016-12-31 Thread Sven Kirmess
On Wed, Jan 20, 2016 at 11:37 PM, Erich Titl wrote: > Why not add a ssd for logs? Just in case someone is still interested in that. I've added a 30 GB Kingston SSDNow mS200 to my APU2 for the log files nearly a year ago. I've decided to use ext4 as file system because Bering-uClibc ships with m