[bind10-dev] Rate limiting for logging?
Francisco Obispo
fobispo at isc.org
Thu Jul 18 18:33:12 UTC 2013
Suppressing is good, but also printing out a message every few seconds saying that you've suppressed that last message X times is VERY useful to detect anomalies.
On Jul 18, 2013, at 2:03 AM, Stephen Morris <stephen at isc.org> wrote:
> On 17/07/13 08:41, Michal 'vorner' Vaner wrote:
>
>>
>> If we care about the MESSAGE_ID only, we don't have this problem.
>
> I agree - just limit based on message ID. If it is suspected that a
> message is being output a large number of times as a result of a DoS
> attack, the requirement would be to suppress that message, regardless
> of parameters.
>
> Stephen
> _______________________________________________
> bind10-dev mailing list
> bind10-dev at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind10-dev
Francisco Obispo
Director of Applications and Services - ISC
email: fobispo at isc.org
Phone: +1 650 423 1374 || INOC-DBA *3557* NOC
PGP KeyID = B38DB1BE
More information about the bind10-dev
mailing list