[j-nsp] Syslog action performance impact

Jean BENOIT jean.benoit at crc.u-strasbg.fr
Fri Apr 1 11:10:50 EST 2005


Greetings,

I'm wondering how much a Syslog action in firewall filters really
impacts performance.

Throwing a few scans (~10 kpps) on an M20 running JunOS 6.4R2.4, I
noticed that syslog message generation is rate-limited, but I don't
know to what extent.
I was unable to find any documentation about it.
So how is it done? By the SSB / the routing engine / both?
What is the actual rate limit?

Depending on the way the rate-limiting is done, is it possible that
some important messages, like hardware failures, could not be sent
if the box is sustaining a really heavy port scan?
If this is the case, is it possible to set a different priority to
each log facility?

It'd be nice if people of Juniper could comment on both
issues.

Any help would be appreciated,

-- 
Jean BENOIT
Centre Réseau Communication
Université Louis Pasteur, Strasbourg

