[logs] naming multiple output files with syslog-ng
Mordechai T. Abzug
morty at frakir.org
Wed Dec 26 17:14:00 PST 2007
On Thu, Dec 20, 2007 at 11:25:37AM -0500, Marcus J. Ranum wrote:
> Administrators consistently blow logging off because "it'll slow
> things down." To which the correct response is always, "Really? When
> you measured it, how significant was the impact?"
We used to have some Cisco 7500 routers which did a fair amount of
logging of packet-level events (i.e. denies.) Over the years in this
configuration, CPU utilization gradually increased. At one point, CPU
hit 100%, and we started having high packet loss. One of the network
guys tried turning off logging. CPU immediately dropped to about 3%,
and performance steadied. We did some checking to see if there was a
looping problem (i.e. logging all logged packets) and there wasn't.
Logging was just a more CPU-intensive activity on that architecture,
and the gradual increase in denied traffic had finally overwhelmed it.
Yes, this is now-old Cisco hardware, running a now-old version of IOS.
At the time, though, the hardware was relatively modern.
[Not bothering to CC: the OP, since this has nothing to do with the
OP.]
- Morty
More information about the LogAnalysis
mailing list