netfilter log target kills the computer

Grant Taylor gtaylor at riverviewtech.net
Wed Aug 17 07:16:04 CEST 2005


Switch to ULOG instead of LOG as LOG relies on Syslog which was *NOT* meant for high volume traffic.  The other solution that I have proposed in the past is to set up TCPDump or Snort and have it sniff the headers out of packets and dump them to a log file and then post process said log file to extract what you are wanting and store it accordingly.



Grant. . . .

Ming-Ching Tiew wrote:
> Anyone notice that the log target is really too heavy ? 
> 
> I have seen various mishaviour to my Celeron 2.4 GHz
> machine ( fully dedicated as a firewall machine ) if I turn
> on logging. I am not sure if it is due to netfilter logging per se
> or due to me running syslogd to remote the log messages over 
> the network. But in any case, once there is heavy iptabbles logging
> activities, the machine totally misbehaves. 
> 
> Besides the most obvious solutions ( ie to turn it off or get a faster 
> computer ), any words of advise or recommendation ?
> 
> Cheers.




More information about the netfilter mailing list