Date: Tue, 16 May 2000 15:46:18 +0100 (BST) From: jpmg@eng.cam.ac.uk To: robert@namodn.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: access logging via syslog ( apache ) Message-ID: <200005161446.27130@tulip.eng.cam.ac.uk>
next in thread | raw e-mail | index | archive | help
> On the other hand, is there any userland way to force > a daemon to use TCP rather than UDP? Is there something > essential about UDP that syslog cannot do without? As I remember it, the reason why you want syslog to use UDP is so that it can get on and handle the next request. If syslog starts blocking (which it would if you required reliable delivery to a remote syslogd, unless you go multithreaded locally), then all hell breaks loose on your local machine, since things that are attempting to syslog stuff now block. This is not somewhere you want to go. The downside is unreliability (and this certainly suggests that one shouldn't be using syslog to a remote machine for security-relevant logging, despite the advantage that you can secure a remote syslog host up to the eyeballs, since network congestion is probably one of the easiest things for an attacker to trigger). The solution is, I suppose for syslog to use a reliable transport (or implement a reliable transport over UDP), and to go multithreaded. Even if you do this, though, you'd want to add the ability to require some facilities (auth springs to mind) to be syslogged synchronously (ie the syslog() call wouldn't return until the logging had been successfully completed). Hmmm. I feel a son-of-syslogd project coming on ... 8-) -patrick. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005161446.27130>