[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-opsec-logging-caps-03

To: opsec@ops.ietf.org
Subject: Re: draft-ietf-opsec-logging-caps-03
From: Roland Dobbins <rdobbins@cisco.com>
Date: Tue, 3 Jul 2007 23:55:46 +0700
In-reply-to: <02DD2A11-F531-4A78-89AE-BBF65630AE73@kumari.net>
References: <4684203D.5080402@juniper.net> <005e01c7bd7f$010d17c0$4c1ba788@familyroom> <02DD2A11-F531-4A78-89AE-BBF65630AE73@kumari.net>


On Jul 3, 2007, at 11:39 PM, Warren Kumari wrote:

One possible concern with rate-limiting syslog / SNMP / whatever isthat people will then try and generate non-critical events thatcause alerts to be generated in the hope that they can then slip amore nefarious event in and have it also be caught by the rate-limiter.

Possible, but hard to accomplish without inside knowledge (which iscertainly a possibility, of course).

What would be great would be, if there were a rate-limiter it wouldprioritize high severity messages over lower severity ones (whee!QoS for logs!).

How about multiple rate-limiters for each individual log-type, aswell as for each severity/informational level?


-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

       Culture eats strategy for breakfast.

               -- Ford Motor Company

Follow-Ups:
- Re: draft-ietf-opsec-logging-caps-03
  - From: Warren Kumari <warren@kumari.net>

References:
- draft-ietf-opsec-logging-caps-03
  - From: Ron Bonica <rbonica@juniper.net>
- RE: draft-ietf-opsec-logging-caps-03
  - From: "patrick cain" <pcain@coopercain.com>
- Re: draft-ietf-opsec-logging-caps-03
  - From: Warren Kumari <warren@kumari.net>

Prev by Date: Re: draft-ietf-opsec-logging-caps-03
Next by Date: Re: draft-ietf-opsec-logging-caps-03
Previous by thread: Re: draft-ietf-opsec-logging-caps-03
Next by thread: Re: draft-ietf-opsec-logging-caps-03
Index(es):
- Date
- Thread