[c-nsp] Cisco boxes and Syslog-ng
Ariel Biener
ariel at post.tau.ac.il
Thu Sep 8 06:19:20 EDT 2005
On Thursday 08 September 2005 06:50, A.Rahman Isnaini R.suTan wrote:
> I noted that Cisco couldn't log the traffic with thousands hits persecond.
> They shown on the ACL matches but not shown either on "show logging" or
> in the log file of syslog-ng server.
>
> I believe there is a limitation or threshold hits that Cisco could log
> them.
I am not sure I understand your mail. You think there is a limitation on how
many msgs/sec a Cisco device can send or a limitation on how many
msgs/sec a syslog/syslog-ng server can receive ?
In general, both are correct. However, the original question talked about a
myriad of Cisco devices, routers, switches and lots of other ciscos, all
logging to one place. Since the original writer of the question didn't mention
how many devices and how much syslog traffic they generate altogether, I asked
about the total msgs/second from all of them. Naturally, he can create
a syslog-ng cluster using load balancing (alteon, radware, 6500 SLB and
others) and redirect the traffic to a few servers. Then, all these servers
should export their /var/log/ filesystem to another server, used to analyze
all the logs (NFS over GigE for example).
--Ariel
--
Ariel Biener
e-mail: ariel at post.tau.ac.il
PGP: http://www.tau.ac.il/~ariel/pgp.html
More information about the cisco-nsp
mailing list