Syslog performance: Data modeling and transport

Syslog is one of the basic methods for event logging in computer networks. Log messages that are generated by syslog can be used for a number of purposes, including optimizing system performance, system auditing, and investigating malicious activities in a computer network. Considering all these attractive uses, both timeliness and reliability are needed when syslog messages are transported over a network. The unreliable transport protocol UDP was specified in the original syslog specification; later, a reliable transport service based on TCP was also proposed. However, TCP is a costly alternative in terms of delay. In our previous work, we introduced the partially reliable extension of SCTP, PR-SCTP, as a transport service for syslog, trading reliability against timeliness by prioritizing syslog messages. In this work, we first model syslog data using real syslog traces from an operational network. The model is then used as input to the performance evaluation of PR-SCTP. In the experiments, real congestion is introduced in the network by running several competing flows. Although PR-SCTP clearly outperformed TCP and SCTP in our previous work, our present evaluations show that PR-SCTP performance is largely influenced by the syslog data size characteristics.
