Most efficient way of "dropping" garbage ?
We have a syslog-ng server, with many clients. One of these clients is suffering from DoS attacks. Since these are being logged, the syslog-ng server is also suffering!

I have created the following, temporarily :-

    destination d_null { file("/dev/null"); };
    filter f_null { host("dummy.name.host.net"); };
    log { source(net); filter(f_null); destination(d_null); flags(final); };

This solves the problem with disk usage, but there is still some significant CPU load. So, the question is, "Is there a more efficient method of ignoring/dropping messages?"

Should I be using pipe(), instead of file()?

-- Richard Armstrong
Ouch. Yes, use pipe()! file() appears to set the permissions upon opening the file. Thus /dev/null suddenly became crw-------, instead of crw-rw-rw-! This doesn't appear painful until every user complains that they are suddenly unable to use perl, man, ...

-- Richard Armstrong
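An added check, not part of the original thread, for the failure described in the follow-up above: it reports when /dev/null no longer has the mode string crw-rw-rw-, so the problem is caught before users notice. It assumes a `stat` that supports `-c '%A'` (GNU coreutils); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat (-c '%A').

EXPECTED="crw-rw-rw-"   # mode string the post gives for a healthy /dev/null

# classify MODESTRING -> ok | bad-mode:<modestring> | not-chardev
classify() {
    case "$1" in
        "$EXPECTED") echo "ok" ;;             # character device, world read/write
        c*)          echo "bad-mode:$1" ;;    # still a device, permissions changed
        *)           echo "not-chardev" ;;    # replaced by a file, directory, ...
    esac
}

# sink_status PATH -> "missing", or classify's verdict for PATH
sink_status() {
    if [ ! -e "$1" ]; then
        echo "missing"
        return 0
    fi
    classify "$(stat -c '%A' "$1")"
}

# report PATH -> prints "PATH: verdict"; returns non-zero unless the verdict
# is "ok", so it can be called from cron or a monitoring check.
report() {
    verdict=$(sink_status "$1")
    echo "$1: $verdict"
    [ "$verdict" = "ok" ]
}

report /dev/null || echo "restore with: chmod 666 /dev/null (as root)"
```

Restoring the mode only helps once the logger no longer opens /dev/null through file(); otherwise the next reopen resets it.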