Re: Dynamic IP log retention = 0?

2009-03-15 Thread Martin Hannigan
A finely tuned killfile that remains mostly static once defined works wonders across all threads and fairly well. Best, Marty On 3/15/09, Marshall Eubanks wrote: > > On Mar 15, 2009, at 1:20 AM, Charles Wyble wrote: > >> Can we please get this thread closed or something? >> > > Maybe we shoul

Re: Anyone using any Linux SSL proxies?

2009-03-15 Thread Stuart Henderson
On 2009-03-15, Mike Lyon wrote: > Howdy, > > I am wondering what folks are recommending/using these days for Linux SSL > proxies? I need to build a linux box that basically acts as an SSL offloader > would (like a BigIP / Cisco ACE / Netscaler would do). Listen on port 443, > decrypt the SSL and t

Re: Dynamic IP log retention = 0?

2009-03-15 Thread William Allen Simpson
Marshall Eubanks wrote: Maybe we should start the nanog-law mailing list. Maybe we should stick to the operational "Subject" at hand: log retention? Is there any disagreement that everybody SHOULD keep dynamic assignment logs for at least 36 hours as a Best Current Practice? Is there any evi

Re: Anyone using any Linux SSL proxies?

2009-03-15 Thread Adrian Chadd
On Sun, Mar 15, 2009, Michael K. Smith wrote: > We use Apache with mod_security and mod_proxy to do this, although the > application is more as an application layer firewall than an SSL offloader. > It works well for lower traffic applications; I haven't tested it under the > loads that are advert

Re: Anyone using any Linux SSL proxies?

2009-03-15 Thread Michael K. Smith
Hello Mike: On 3/14/09 9:56 PM, "Mike Lyon" wrote: > Howdy, > > I am wondering what folks are recommending/using these days for Linux SSL > proxies? I need to build a linux box that basically acts as an SSL offloader > would (like a BigIP / Cisco ACE / Netscaler would do). Listen on port 443,

Re: Dynamic IP log retention = 0?

2009-03-15 Thread Marshall Eubanks
On Mar 15, 2009, at 1:20 AM, Charles Wyble wrote: Can we please get this thread closed or something? Maybe we should start the nanog-law mailing list. Jim Popovitch wrote: On Sat, Mar 14, 2009 at 23:17, Joe Greco wrote: "Looking around" Rockefeller Center generally isn't a crime. "Look

Re: Netflow on SUP720-3BXL

2009-03-15 Thread Jon Lewis
On Sun, 15 Mar 2009, Andy Bierlair wrote: I'm trying to run netflow on one of our Cisco core routers (SUP720-3BXL), but I think I am hitting some limitations because of this: %EARL_NETFLOW-SP-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [99%] TCAM Utilization :

Re: Netflow on SUP720-3BXL

2009-03-15 Thread Nick Hilliard
On 15/03/2009 01:55, Andy Bierlair wrote: I’m trying to run netflow on one of our Cisco core routers (SUP720-3BXL), but I think I am hitting some limitations because of this: Sounds about right for the amount of traffic you're pushing through the box. The SUP720 is a very poor netflow platfor

Re: Netflow on SUP720-3BXL

2009-03-15 Thread Olof Kasselstrand
Have a look at http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#prob1a // Olof On Sun, Mar 15, 2009 at 3:20 AM, Andy Bierlair wrote: > yes ip cef, this is enabled: > >  IP fast switching is enabled >  IP fast switching on the same interface is disab