19 May 2004, 11:52 a.m.
We have a syslog-ng server, with many clients. One of these clients is suffering from DoS attacks. Since these are being logged, the syslog-ng server is also suffering!

I have created the following, temporarily:

    destination d_null { file("/dev/null"); };
    filter f_null { host("dummy.name.host.net"); };
    log { source(net); filter(f_null); destination(d_null); flags(final); };

This solves the problem with disk usage, but there is still some significant CPU load.

So, the question is, "Is there a more efficient method of ignoring/dropping messages?"

Should I be using pipe(), instead of file()?

--
Richard Armstrong