[syslog-ng] program1 destination

Bryan Henderson bryanh at giraffe-data.com
Mon Jan 22 17:27:18 CET 2007

>It will be extremely easy to DoS the server
>if you have, say 10 MSGs of your kind in a second (or 100, or 1000).

Isn't that a problem in syslog-ng even without forking?  I can see that
forking means you can exhaust system resources with fewer messages, but
there's no limit on how many messages syslog-ng can be made to handle,
is there?

I've long thought there should be some throttling of syslog activity;
I haven't looked recently to see if syslog-ng provides any facilities
for that, but whatever is right for logging to a file should be right
for logging via fork, just with different numbers.

>spawning a new process per MSG is probably a big overhead for

The overhead is insignificant in my case because 1) the cost of that
one fork is a fraction of what is ultimately required to deliver an
email; and 2) there would not normally be more than 1 per day.

Bryan Henderson                                   San Jose, California

More information about the syslog-ng mailing list