Download presentation
Presentation is loading. Please wait.
Published byPhilip Alexander Modified over 6 years ago
1
Implementing the syslog Protocol on a Radlan router
Presented by Yossi Oren Academic Guide: Dr. Nissim Tsouri
2
About Radlan Radlan produces router hardware and software and licenses it to other companies Its customers are network ASIC developers, firewall vendors and ISVs Radlan was purchased by Marvell in March 2003
3
About Radlan’s Router Software
Coded in ANSI C, can be implemented on various CPUs, NSPs, hardware configurations Implements a layer 2 switch as well as a layer 3 router Advanced Quality of Service support for real time applications
4
Managing a Router There are many ways to manage a router
In normal operation, nothing manages the router
5
Reporting asynchronous events
Events can be informational, errors or even fatal: Network cable connected/disconnected Power supply failure Accessing an invalid memory address Events need to be reported to the network manager: Printout to the console, save a copy to Flash memory SNMP traps to notify the NMS /SMS/Beeper, etc.
6
The Problem – Technical Issues
Most events are only printed to screen and then discarded Saving events to flash slows the router down Event history is not available
7
The Problem – Human Issues
Error messages are written by programmers, not technical writers: Spelling errors Non-instructive messages API (application programming interface) used to report events is very complicated, so nobody uses it properly
8
The solution – the syslog module
Sends a copy of every message to an external server Runs in the background, doesn’t slow the router down Event history available through SNMP Messages are written by technical writers One consistent API to programmers
9
About the Syslog protocol
Initially an unofficial part of BSD Unix, later standardized by Cisco as RFC 3164 Very simple format – each message is sent in a single UDP payload Messages contain indication of source and severity Every Unix and Linux system comes with a syslog server (syslogd), Windows servers also available Disadvantages – unreliable, easy to intercept/forge, nonstandard implementations abound
10
Structure of the module
The syslog task lurks in the background Applications send the task messages quickly The task sends them on when CPU is idle
11
The message database Every group leader manages his group’s messages in a separate database Message format is a superset of printf Printf-like function implemented as a state machine Message database is bound at runtime, can be easily extended by third parties
12
Current use of the module
The syslog task is already in use in selling products Radlan has ported 80% of reporting to use the message database, other 20% handled through compatibility functions Syslog performs well under heavy load (4,000 logs/second), very useful to programmers and administrators
13
Future growth Reliable Syslog (Beepcore)
Authenticated Syslog (using hashes) Support for multiple languages
14
Questions?
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.