Hi,
> A lot of people before you did and a lot of people after you would use
> logs, and I think it's not that sharp to think that you're smarter than
> all of them. You might wanna think some things over, and guess, that if
> you're the only one who doesn't use logs, and everybody else does, then
> it might probably be a problem with you..
Never said I don't log or need them. I only wanted to make clear that you have
to weigh the work/costs of additional log processing against the win.
In situations where you have to protect financial transactions it's clear that you
have to be as secure as possible. But a small firewall of a 10 ppl design
bureau protecting the surf PCs from the evil Internet won't get its logs read,
ever.
Another problem nobody could give me an answer to: which reliable methods for
remote logging exist? UDP syslog is an ugly hack which can be overrun. TCP
extensions for pulling syslogd are nice, but there are no hooks for stopping
actions in case of a broken log link. And services which use logfiles
instead of syslog are not covered. On heavily loaded server systems logging
is a big issue. Logging on news, mail and proxy servers can make a system break
down (this is true for sync and unsync local syslog writes on news and
sendmail hosts, and it is true for local logfile appends on web proxies for
large-scale installations. I suppose it's true for proxies on
application-level firewalls at some heavy usage.)
Greetings
Bernd
PS: Is there anyone with experience with the IP-Logger Arcus?