Thank you for your answer. I'm using kiwi as syslog server and i'm using a tcp logging. Do you advise me to use UDP rather than TCP ?

I'm not sure but I think tcp is the default type of loggin connection in PIX

Bye

erman

I had the exact same issue yesterday, with the same results. I am also running 6.22....

Some people feel tcp logging is a bit more secure. But if you use it, you need to figure out how to keep the logging server running 24x7, or else expect these incidents.

On any version of the pix if you choose to log via TCP and the syslog server is not reachable from the pix for any reason your pix will stop passing traffic. With Kiwi choose to use UDP and you will be fine. I have had a pix logging to a Kiwi server (desktop running 2000server) for at least a year now and no issues.

Hi everybody !! Thank you very much for your support.

I will try to use UDP logginging and I will keep you informed.

Thanks

Herman

Same issue. I was going to post this exact same thing and then found this thread. I am using a PIX 515 and software v5.1(2). I have tried using a command like "logging host dmz 10.x.x.x" which should use the default of udp/514, and I too get this blocking behavior. I am using PFSS as the syslog server.

First time I tried to turn on logging it was with TCP and a level of "debugging": a bad idea, which brought the PIX down. The second time, I removed the existing "logging host" command and entered a new one using the default protocol and port (i.e. I did not specify any protocol/port, so it should have defaulted to udp/514) and tried "logging trap informational" I got about 15 log messages (progress, at least!) before I tried a ping through the PIX and it again shut down, blocking out all traffic. Both times someone had to telnet from inside and reload it.

Is it possible that when I don't specify the protocol and port, it is actually defaulting to TCP? When I do "show logging" it does not say.