[logs] Log Generator
Marcus J. Ranum
mjr at ranum.com
Tue Jan 29 12:39:28 PST 2008
Just as an FYI - if you're stress-testing a logging system, first
load it up with something that outputs sequence numbers, then
check the sequence numbers on the backend for drop-outs.
With UDP syslog there are multiple points where the system
(udp output queues, network devices, udp input queues, etc)
feels justified in throwing away log traffic.
I did some stuff with this "back in the day" and my numbers
would no longer mean anything. But I was surprised as hell
when I was syslogging a ton of stuff on one machine and
noticed in tcpdump that the box was only sending 1/10 as
many packets as I expected...
mjr.
More information about the LogAnalysis
mailing list