[syslog-ng]syslog over TCP

BONIKOWSKE, SCOTT WPS.SBONIKOW@WPSIC.COM
Wed, 28 Aug 2002 10:21 -0500


--- Received from WPS.SBONIKOW (608) 226-2630                08-28-02 1021a

Hello,

I am new to syslog-ng, and I had a couple questions that I have not seen
answered before in the archives (from what I saw), and I was wondering if
anyone out there could help. I hope this is the right area for these
questions.

First, does TCP increase the load on the CPU a lot over UDP? The situation
is, we are looking at using syslog-ng at a midsized company (overall about
6,000+ people). We would like to monitor all syslog activity from NT, 2000,
XP, HPUX, AIX, Cisco routers/switches/PIXs, Linux. The Windows machines are
mostly file/application servers, the Linux boxes are file/web/application
servers, the HPUX and AIX boxes are application servers also. There is a
lot of logging that will need to be watched because of security reasons
(including file access, logins, etc.), so we are expecting a lot of
traffic. The end goal will be to have all of the logs filtered by machine
(in some cases even more granular than that, like Cisco errors going into
the main log, and a separate error log for that machine, and an error log
for all networking devices), and maybe even searchable if I have enough
time.

I am only going into high detail above because I would like to know opinions
about using TCP vs UDP for load on the CPU, and to see if anyone else has
maybe done something like this themselves for a company close to the same
size.

Any help and comments would be welcome.


Thanks

Scott Bonikowske
Open Systems Analyst
WPS

---- 08-28-02 1021a ---- Sent to       ------------------------------------
  -> syslog-ng@lists.balabit.hu