Information Technology Reference
In-Depth Information
F IG . 11. Syslog communication.
3. The server reads the packet header, finds the timestamp of the previous packet
and continues to download packets corresponding to that timestamp, in effect
repeating step 2, until it reaches the timestamp of a message already down-
loaded.
4. Having filled the message stack, the server can now process the data received
to write the messages into log files for the configured host.
5. After a brief wait, the server can check another of the configured hosts and
download new syslog messages. The waiting time must be brief enough to en-
able it to check all the hosts before the DNS cache expires (TTL).
Note that with a little tuning of the TTL, the DNS server cache will not be unneces-
sarily overpopulated since the old syslog messages sent to the client are automatically
deleted from the DNS daemon when the cache expires.
Search WWH ::




Custom Search