 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  naverxp at yahoo dot com dot sg
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Download the log files on m0n0 system (exec.php)
 Date:  Sun, 27 Feb 2005 20:21:12 -0500
On Mon, 28 Feb 2005 07:36:19 +0800, John <naverxp at yahoo dot com dot sg> wrote:
> Hm, thanks.
> Do you suggest CF then? Once a DDoS comes through for some time, wouldn't
> the write-time run out? heh.
> 

Either is probably equally suitable.  You waste less space on a CF,
but they're of roughly equal cost when you factor in a CF to IDE
adapter.

Write time run out?  On syslog you mean?  If your syslog box isn't
fast enough to write all the logs to disk, then you'll end up with
some dropped logs (it's UDP, so no guarantee it'll even get received
much less written to disk).  Personally if I'm getting DDoS'ed, the
last of my concerns would be losing a handful of logged packets out of
a few million.  I think you'll still have enough logs to get the idea.
 ;)

-Chris