PC Authority FEATURE
Mastering Syslog on small networks
by Steve Cassidy on Aug 16, 2006
Tags: systems | management
The Sorcerer’s Apprentice
Snare converts Windows Event Viewer entries into Syslog messages and uses rules to limit the quantity of delivered messages.
As any Disney fan will know, there’s an animated version of this fable with the music provided by Dukas, as Mickey Mouse discovers that a good idea to fix a short-term problem can turn into a very bad idea once it encounters the march of time. Syslog reporting can be a good deal like that.
For example, I have a firewall that reports in Syslog format, and everything it considers an event, whether it’s an intrusion attempt or a service without a redirector target, gets thrown into the Syslog file, hosted on a nearby Windows server. Believe it or not, I have that Syslog server set to close the old file and open a new one every 100MB (yes, megabytes). It typically opens three or four such files a week. Leave it for a month and you have well over a gigabyte of Syslog messages, and that’s from just one firewall.
This is where the apprentice makes his mistake. When persistent problems strike, diagnosing what causes the niggling failure can tempt you into monitoring every last packet and twitch that passes through the network or hits the device in question.
For example, let’s say your router or your print server crashes every morning at 5.30am. You don’t want to get up to watch it, you’re fairly sure from the CCTV tapes that there’s nobody in the building, and you want to start watching the device from about 3am. I’ve heard of a few hard-core techies watching this kind of situation with a copy of Ethereal (www.ethereal.com), but this isn’t the solution for everyone. Ethereal produces volumes of data that make Syslog look anaemically under-endowed, and it depends on long years of experience in assembling packet filters to cut down the blizzard of data. You don’t want to see the headers and checksums of every frame that hits your device 5,000 times in two seconds: what you want is for your device to say “buffer overflow due to time zone error” (to quote one example that still scars me) at just the right moment.
It’s far simpler to monitor only the messages arising from a device with some brains included than it is to wash through all the traffic that passes that device. The process is made even more complex, in these times of smart central network switches, by the need to put your Ethereal monitor machine on a simple LAN hub alongside the thing it’s monitoring (or on a mirror port, if your switch offers one), because a switch only delivers each frame to the port it is addressed to. Even this relatively humble, almost plain-electrical requirement can have pitfalls: I’ve seen one network reduced to a crawl for months because someone elected to monitor with Ethereal and then forgot to take the server off the 10Mb hub they’d used to let Ethereal eavesdrop.
The lesson from my firewall, however, is that, like the Sorcerer’s Apprentice, you can find that turning on all the reporting options simply drowns you in data. Even on a small business network, Syslog generators can trivially produce what is in reality your largest data store, in terms of the number of transactions and the horsepower required to extract a meaningful report.
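As an added example (not the article’s own code, nor Snare’s or Kiwi Syslog’s), here is a small Python syslog sink that does, at the collector, the things the paragraphs above and the two screenshots describe: it keeps only messages at or above a per-facility severity, drops the noise lines you cannot switch off at the source (the “no redirector target” message is a constructed stand-in for the firewall chatter mentioned above), collapses runs of identical messages into a “last message repeated N times” line as classic syslogd does, and closes the file and opens a new one once it reaches a size limit. The hostnames, sample messages, rule set and the 200-byte limit (standing in for the 100MB setting above) are all constructed for the demonstration.

```python
"""Added example, not code from the article, Snare or Kiwi Syslog: a small syslog
sink that filters at the collector, collapses bursts of identical messages the way
classic syslogd does, and starts a new file by size. Input is BSD syslog (RFC 3164):
'<PRI>TIMESTAMP HOST TAG: MSG'. Sample messages, hosts, rules and limits are constructed."""
import os
import re
import tempfile

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp "
              "audit alert clock local0 local1 local2 local3 local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def parse_pri(line):
    """Decode the <PRI> prefix (facility * 8 + severity) into (facility, severity, rest), or None."""
    m = re.match(r"^<(\d{1,3})>(.*)$", line, re.S)
    if not m or int(m.group(1)) > 191:
        return None
    fac, sev = divmod(int(m.group(1)), 8)
    return FACILITIES[fac], SEVERITIES[sev], m.group(2)


class SyslogFilter:
    """Pass a message only if it is at least as severe as the rule for its facility
    ('*' is the default) and matches no drop pattern; collapse consecutive repeats."""

    def __init__(self, min_severity_by_facility, drop_patterns):
        self.rules = {f: SEVERITIES.index(s) for f, s in min_severity_by_facility.items()}
        self.drop = [re.compile(p) for p in drop_patterns]
        self.last = None    # last line passed through
        self.repeats = 0    # identical copies of self.last suppressed since then

    def feed(self, line):
        """Return the lines to write for one input line: none, one, or a summary plus one."""
        parsed = parse_pri(line)
        if parsed:                      # malformed lines are worth seeing, so they are never dropped
            fac, sev, rest = parsed
            limit = self.rules.get(fac, self.rules.get("*", len(SEVERITIES) - 1))
            if SEVERITIES.index(sev) > limit or any(p.search(rest) for p in self.drop):
                return []               # less severe than the rule allows, or matches a drop rule
        if line == self.last:
            self.repeats += 1
            return []
        out = self.flush() + [line]
        self.last = line
        return out

    def flush(self):
        """Emit the pending 'last message repeated N times' summary, if any."""
        if not self.repeats:
            return []
        pri = self.last.split(">", 1)[0] + ">" if parse_pri(self.last) else ""
        out, self.repeats = ["%slast message repeated %d times" % (pri, self.repeats)], 0
        return out


class RotatingWriter:
    """Append to `path`; when a write would pass max_bytes, close the file as path.N and start afresh."""

    def __init__(self, path, max_bytes):
        self.path, self.max_bytes, self.rotations = path, max_bytes, 0
        self.size = os.path.getsize(path) if os.path.exists(path) else 0

    def write(self, line):
        data = (line + "\n").encode("utf-8")
        if self.size and self.size + len(data) > self.max_bytes:
            self.rotations += 1
            os.replace(self.path, "%s.%d" % (self.path, self.rotations))
            self.size = 0
        with open(self.path, "ab") as f:
            f.write(data)
        self.size += len(data)


# Constructed sample traffic: a chatty firewall, one print-server fault, one login failure.
SAMPLE_LINES = [
    "<132>Aug 16 05:29:58 fw1 fw: DENY tcp 203.0.113.7:4431 -> 192.0.2.10:135",
    "<132>Aug 16 05:29:58 fw1 fw: DENY tcp 203.0.113.7:4431 -> 192.0.2.10:135",
    "<132>Aug 16 05:29:58 fw1 fw: DENY tcp 203.0.113.7:4431 -> 192.0.2.10:135",
    "<135>Aug 16 05:29:59 fw1 fw: keepalive ok",
    "<132>Aug 16 05:30:00 fw1 fw: no redirector target for service ftp",
    "<131>Aug 16 05:30:01 prn1 spooler: buffer overflow due to time zone error",
    "<86>Aug 16 05:30:03 srv1 sshd: Failed password for root from 203.0.113.7",
    "garbage line with no PRI",
]


def run_demo(directory=None, max_bytes=200):
    """Push SAMPLE_LINES through filter and writer; return what survived and how the file rolled."""
    directory = directory or tempfile.mkdtemp(prefix="syslog-demo-")
    path = os.path.join(directory, "firewall.log")
    flt = SyslogFilter({"authpriv": "info", "*": "warning"}, [r"no redirector target"])
    writer = RotatingWriter(path, max_bytes)
    kept = [out for line in SAMPLE_LINES for out in flt.feed(line)] + flt.flush()
    for line in kept:
        writer.write(line)
    files = sorted(f for f in os.listdir(directory) if f.startswith("firewall.log"))
    return {"kept": kept, "rotations": writer.rotations, "files": files}
```

Import the module and call run_demo(): it returns the lines that survived, the number of times the file was rolled over and the files left in the temporary directory. Of the eight constructed input lines, five reach the disk; the three identical firewall denials become one line plus a repeat count, the debug-level keepalive falls below the default severity rule, and the redirector message is removed by pattern. The caveat in the Kiwi caption still applies: every line discarded here has already crossed the network and cost the collector a parse, so the same rules are better applied on the device that generates the messages wherever the product allows it.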
The rule is: the duller the web page, the more valuable the information it presents. At www.precision-guesswork.com there's a comprehensive list of setup guides for generating syslog messages.
Kiwi Syslog applying filters. Better done on the source device, but if you have no other choice...
Copyright © 2009 Dennis Publishing