You are here

Perimeter filter logging

Project ID: 
133
Current stage: 
Manager: 
Unit: 
What: 

Description: Review the (minimal!) logging that's done by our perimeter filters, and consider what our options might be. Maybe implement something.

Deliverables: Review; maybe more comprehensive logging.

Why: 

Customer: COs; self-managed managers

Case statement: At the moment we log very little from our perimeter filters, as we know from experience that trying to kprintf() too much can cause more trouble than it's worth. This isn't ideal, and we do get a steady trickle of requests asking about log entries which we can't answer. We could move to userspace logging instead, with a bit of implementation effort. The question is, is it worth it?
And if we do, what kind of additional logging might we want for our own purposes?

When: 

Status:

Timescales: It should be possible for someone familiar with iptables to review the options in a week. Implementing something could easily take another three weeks, depending on what's required.

Priority:

Time:

How: 

Proposal:

Resources:

Plan: Evaluation: look at how much more logging would be desirable and how expensive it would be to provide. Implementation: if we decide to do something more than now, do it.

Other: 

Dependencies:

Risks:

Milestones

Proposed date Achieved date Name Description