You are here
Perimeter filter logging
Description: Review the (minimal!) logging that's done by our perimeter filters, and consider what our options might be. Maybe implement something.
Deliverables: Review; maybe more comprehensive logging.
Customer: COs; self-managed managers
Case statement: At the moment we log very little from our perimeter filters, as we know from experience that trying to kprintf() too much can cause more trouble than it's worth. This isn't ideal, and we do get a steady trickle of requests asking about log entries which we can't answer. We could move to userspace logging instead, with a bit of implementation effort. The question is, is it worth it?
And if we do, what kind of additional logging might we want for our own purposes?
Status:
Timescales: It should be possible for someone familiar with iptables to review the options in a week. Implementing something could easily take another three weeks, depending on what's required.
Priority:
Time:
Proposal:
Resources:
Plan: Evaluation: look at how much more logging would be desirable and how expensive it would be to provide. Implementation: if we decide to do something more than now, do it.
Dependencies:
Risks:
Milestones
| Proposed date | Achieved date | Name | Description |
|---|