Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
4
Helpful
5
Replies

Pix 515 failover inside interface have log

khchiang
Level 1
Level 1

‎09-11-2002 04:54 PM - edited ‎02-20-2020 10:14 PM

Dear all,

I have failover 515 Pix, the logging configure as follows:

[logging on

logging standby

logging buffered debugging

logging trap debugging

logging host inside 210.177.52.33]

in pix menu, if logging standby will created doubles the amount of traffic on the syslog server. My syslog server have logging on failover interface

Sep  5 00:00:23 [200.177.52.38.2.2] %PIX-6-302002: Teardown TCP connection 4011054 faddr 209.76.11.109/1147 gaddr 200.177.52.51/110 laddr 200.177.52.51/110 duration 0:00:01 bytes 222 (TCP FINs)

Sep  5 00:00:23 [200.177.52.39.2.2] %PIX-6-302002: Teardown TCP connection 4011054 faddr 209.76.11.109/1147 gaddr 200.177.52.51/110 laddr 200.177.52.51/110 duration 0:00:01 bytes 222 (TCP FINs)

Sep  5 00:00:41 [200.177.52.39.2.2] %PIX-6-302001: Built inbound TCP connection 4011055 for faddr 213.85.169.211/26181 gaddr 200.177.52.51/110 laddr 210.177.52.51/110

Sep  5 00:00:42 [200.177.52.38.2.2] %PIX-6-302001: Built inbound TCP connection 4011054 for faddr 213.85.169.211/26181 gaddr 200.177.52.51/110 laddr 200.177.52. 51/110

200.177.52.38 is primary inside interface

200.177.52.39 is failover inside interface

Please vertify about log is right or not.

many thanks

KH

0 Helpful
5 Replies 5

pgolding
Level 1
Level 1

‎09-11-2002 09:41 PM

logging standby makes the standby pix send all syslogs, as well as the active pix sending. this will cause duplicate entries in the log.

khchiang
Level 1
Level 1
In response to pgolding

‎09-12-2002 09:15 PM

Hi,

you mean that I clear the syslog standby is better than before, so I only get the once active logging.

thanks

0 Helpful

ggersch
Level 1
Level 1
In response to khchiang

‎09-14-2002 12:21 PM

The only reason log from the standby is if you are having issues with the standby pix and/or failover. With logging standby disabled, you won't get any log messages from the secondary box, even messages that the standby pix originates.

You usually don't want to leave logging standby enabled so that all messages aren't duplicated. Just turn it on if you really need to troubleshoot things.

Greg

0 Helpful

khchiang
Level 1
Level 1
In response to ggersch

‎09-15-2002 10:25 PM

Greg,

Many thanks for your advise,

best regards

Kh

0 Helpful

bs0000554
Level 1
Level 1

‎09-18-2002 03:41 PM

with all this "debugging" turned on , you are downning your firewall !

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card