--- Received from WPS.SBONIKOW (608) 226-2630 08-28-02 1021a Hello, I am new to syslog-ng, and I had a couple questions that I have not seen answered before in the archives (from what I saw), and I was wondering if anyone out there could help. I hope this is the right area for these questions. First, Does TCP increase the load on the CPU alot over UDP? the situation is, we are looking at using syslog-ng on a midsized company (overall about 6,000+ people). we would like to monitor all syslog activity from NT,2000, XP, HPUX, AIX, Cisco routers/switches/PIXs, linux. The windows machiens are mostly file/application servers, the linux boxes are file/web/application servers, the HPUX and AIX boxes are application servers also. There is a lot of logging that will need to be watched because of security reasons (including file access, logins, etc.), so we are expecting a lot of traffic. The end goal will be to have all of the logs filtered by machine (in some cases even more granular than that like cisco errors going into the main log, and a seperate error log for that machine, and an error log for all networking devices), and maybe even searchable if I have enough time. I am only going into high detail above becase I would like to know opinions about using TCP vs UDP for load on the CPU, and to see if anyone else has maybe done something like this themselves for a company close to the same size. Any help and comments would be welcome. Thanks Scott Bonikowske Open Systems Analyst WPS ---- 08-28-02 1021a ---- Sent to ------------------------------------ -> syslog-ng@lists.balabit.hu