Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1507
Views
0
Helpful
3
Replies

ESA IronPort C190 ver: 10.0.0-203

steven2018
Level 1
Level 1

‎07-01-2019 10:43 AM - edited ‎07-01-2019 10:56 AM

Syslog internal buffer overflow. Some data may be dropped. this may be because server () is not accepting data fast enough or because data is being generated more quickly than can be accommodated by the syslog protocol. Is there a Cisco Bug associated with the ESA like the Cisco Web Security Appliance Bug CSCve96173?

Labels:
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎07-01-2019 11:51 AM

Yes. CSCve18276, CSCvg34484 look to be related/similar.




0 Helpful

steven2018
Level 1
Level 1
In response to Ken Stieers

‎07-01-2019 12:34 PM

Thanks Ken. 

0 Helpful

Paul Thomas Cyblue
Level 1
Level 1

‎07-03-2019 03:42 AM

We have all logs via Syslog TCP on very heavy servers. Including LDAP Debug and SMTP logs.
Do not try UDP - that simply hides the issue and data loss.

The problem is as it states, the receiver is not fast enough ( Rsyslog queues forming or not enough TCP threads or heavy logging server that needs another NIC etc.)
There is no bug as such, just an enhancement to follow WSA capability. It would be good for a larger buffer in times of small outages - as even a Load-balancer takes a while to figure out a destination Syslog server is down.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents