From: "Walter Dnes"
Date: Sat, 10 Sep 2011 01:43:06 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Filesystem with lowest CPU load, acceptable emerge performance, and stable?
Message-ID: <20110910054306.GA7698@waltdnes.org>

On Wed, Sep 07, 2011 at 12:26:15AM +0700, Pandu Poluan wrote

> So, can anyone recommend me a filesystem that fulfills my following needs:
>
> Scenario: vFirewall (virtual Firewall) that is going to be deployed at
> my IaaS Cloud Provider.
>
> Disk I/O Characteristic: Occasional writes during 'normal' usage,
> once-a-week eix-sync + emerge -avuD
>
> Priority: Stable (i.e., less chance of corruption), least CPU usage.
>
> My Google-Fu seems to indicate either XFS or JFS; what do you think?

  Try "thinking outside the box".  Do you really need more than extfs2?
That should be the ultimate in low-overhead writing on the device.
Another option is to send the log data out on UDP port 514 to be logged
on another machine.  A cute trick is to have /etc/conf.d/net as follows:

config_eth0="192.168.123.2/24 broadcast 192.168.123.255"
routes_eth0="default via 192.168.123.254"

  And then send the log data to the broadcast address 192.168.123.255
UDP port 514.  Any computer with the same broadcast address can receive
the log data.  You can even have multiple computers sending out, and
multiple computers receiving.  One of the first things an attacker does
after compromising a machine is to wipe the logs on that machine to
cover his tracks.  If the log data goes to multiple different machines,
it will be much more difficult to wipe.

  Another strategy, on the paranoid side, is to have the router sending
logs to a machine like 192.168.123.45, and also have a machine on a
totally different IP address (e.g. 10.0.0.1) with its NIC set to
"promiscuous mode", listen for and save the log data.

--
Walter Dnes
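
The broadcast logging setup described in the message above, sketched as a sender and a receiver; this is an added example, not code from the original post. The function names, the record format and the file name `remote-syslog.log` are assumptions; the broadcast address and UDP port are the ones given in the message.

```python
import socket
import time

SYSLOG_PORT = 514                 # UDP port named in the message
BROADCAST = "192.168.123.255"     # broadcast address from the message
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram: bytes):
    """Split a BSD-syslog datagram '<PRI>text' into (facility, severity, text)."""
    text = datagram.decode("utf-8", "replace").rstrip("\r\n\x00")
    if text.startswith("<"):
        end = text.find(">", 1, 5)            # PRI is at most three digits
        if end != -1 and text[1:end].isdigit():
            pri = int(text[1:end])
            if pri <= 191:                    # 24 facilities * 8 severities
                return pri >> 3, SEVERITIES[pri & 7], text[end + 1:]
    return None, None, text                   # no valid PRI: keep the raw text

def format_record(src_ip: str, datagram: bytes, now=None) -> str:
    """One line per datagram, stamped by the receiver with its own clock and the sender IP."""
    fac, sev, text = parse_pri(datagram)
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    # Replace control characters so a sender cannot forge extra log lines.
    text = "".join(c if c.isprintable() else "?" for c in text)
    return f"{stamp} {src_ip} facility={fac} severity={sev} {text}"

def send_broadcast(message: str, pri: int = 134, addr: str = BROADCAST, port: int = SYSLOG_PORT):
    """Sender side: one datagram to the subnet broadcast address (134 = local0.info)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(f"<{pri}>{message}".encode(), (addr, port))

def receive(path: str, port: int = SYSLOG_PORT):
    """Receiver side: append every datagram heard on the port (binding to 514 needs root)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s, open(path, "a") as log:
        s.bind(("", port))                    # INADDR_ANY so broadcasts are delivered
        while True:
            data, (src_ip, _) = s.recvfrom(8192)
            log.write(format_record(src_ip, data) + "\n")
            log.flush()                       # keep the on-disk copy current

if __name__ == "__main__":
    receive("remote-syslog.log")              # hypothetical output file
```

UDP syslog is unauthenticated, so the recorded source IP is only what appeared on the wire; running the receiver on several machines gives the independent copies the message describes.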