From owner-freebsd-questions Fri Nov 16 23:44:40 2001 Delivered-To: freebsd-questions@freebsd.org Received: from rambo.simx.org (rambo.simx.org [194.17.208.54]) by hub.freebsd.org (Postfix) with ESMTP id 43E3737B405 for ; Fri, 16 Nov 2001 23:44:35 -0800 (PST) Received: from rambo.simx.org (rocky [192.168.0.2]) by rambo.simx.org (8.11.6/8.11.6) with ESMTP id fAH7iGZ60080; Sat, 17 Nov 2001 08:44:17 +0100 (CET) (envelope-from listsub@rambo.simx.org) Message-ID: <3BF615C9.8040401@rambo.simx.org> Date: Sat, 17 Nov 2001 08:46:17 +0100 From: "Roger 'Rocky' Vetterberg" Reply-To: listsub@rambo.simx.org User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: null MIME-Version: 1.0 To: brain_damaged@florida-wireless.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: syslog dedicated machine References: <200111151447.AA2516975816@florida-wireless.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG brain_damaged wrote: > Hello Anyone, > after reading the security page I am thinking of > putting it like it said with one machine doing just the logging. I was wondering what the machine requirements would be for just running the syslogd ? > > Alot of hard space I would imagine but would a alot of memory and process be needed ? > I have a p-100 sitting here with two big drives but It doesn't have much memory. 16 megs I think. That should do just fine. > also what would happen if the syslog machine was down and the others could not talk to it. > I have two postfix machines and one machine running apahce,mysql,php,phpnuke ? > would they lockup or stop functioning ? Syslog uses UDP, which is basically a "send and pray" protocoll, so I dont even think those machines would notice if the logserver was down. They would probably happily keep sending their logs. It could be a good idea to keep a local copy of the logfiles on each machine, as well as sending them to the logserver. Keep in mind that syslogd sends its logs over the network in plain text, totally unencrypted. If this is a public network you might want to look at setting up some kind of encryption tunnel between the servers. > thansk > -- R To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message