topic Re: Pix 515 stop responding enabling logging in Network Security

Pix 515 stop responding enabling logging

ermanno.boldi — Fri, 21 Feb 2020 06:43:38 GMT

Hi everyone ! I've got a PIX 515E (ios version 6.2(2), pdm version (2.1) 32Mb ram).

Enabling logging and monitoring results (both from pix itself or sending to syslog server) Pix stop responding and give me some messages like:

PIX IS DISALLOWING CONNECTIONS. The only way to re-establish normal conditions is to disable anykind of logging and reload PIX.

Which kind of problem could be ? Memory lack ? Ios bug ?

Thank you very much.

Herman

Re: Pix 515 stop responding enabling logging

mostiguy — Wed, 07 May 2003 15:11:21 GMT

Are you using tcp logging? Do a "write t" , and look for the "logging host" line. If it says tcp, then whenever the pix cannot log to the logging server, it will block connections. What are you using as a syslog server? Doing standards based UDP logging does not have this "feature"

Re: Pix 515 stop responding enabling logging

ermanno.boldi — Wed, 07 May 2003 17:58:19 GMT

Thank you for your answer. I'm using kiwi as syslog server and i'm using a tcp logging. Do you advise me to use UDP rather than TCP ?

I'm not sure but I think tcp is the default type of loggin connection in PIX

Bye

erman

Re: Pix 515 stop responding enabling logging

t.zelenik — Wed, 07 May 2003 20:35:34 GMT

I had the exact same issue yesterday, with the same results. I am also running 6.22....

Re: Pix 515 stop responding enabling logging

mostiguy — Wed, 07 May 2003 22:46:07 GMT

Some people feel tcp logging is a bit more secure. But if you use it, you need to figure out how to keep the logging server running 24x7, or else expect these incidents.

Re: Pix 515 stop responding enabling logging

apriore685 — Thu, 08 May 2003 12:42:16 GMT

On any version of the pix if you choose to log via TCP and the syslog server is not reachable from the pix for any reason your pix will stop passing traffic. With Kiwi choose to use UDP and you will be fine. I have had a pix logging to a Kiwi server (desktop running 2000server) for at least a year now and no issues.

Re: Pix 515 stop responding enabling logging

ermanno.boldi — Thu, 08 May 2003 16:52:50 GMT

Hi everybody !! Thank you very much for your support.

I will try to use UDP logginging and I will keep you informed.

Thanks

Herman

Re: Pix 515 stop responding enabling logging

jmontgom61 — Thu, 15 May 2003 22:38:16 GMT

Same issue. I was going to post this exact same thing and then found this thread. I am using a PIX 515 and software v5.1(2). I have tried using a command like "logging host dmz 10.x.x.x" which should use the default of udp/514, and I too get this blocking behavior. I am using PFSS as the syslog server.

First time I tried to turn on logging it was with TCP and a level of "debugging": a bad idea, which brought the PIX down. The second time, I removed the existing "logging host" command and entered a new one using the default protocol and port (i.e. I did not specify any protocol/port, so it should have defaulted to udp/514) and tried "logging trap informational" I got about 15 log messages (progress, at least!) before I tried a ping through the PIX and it again shut down, blocking out all traffic. Both times someone had to telnet from inside and reload it.

Is it possible that when I don't specify the protocol and port, it is actually defaulting to TCP? When I do "show logging" it does not say.