Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
4
Replies

PIX syslog servers

abevers
Level 1
Level 1

‎08-10-2005 10:16 AM - edited ‎02-21-2020 12:19 AM

Our pix is sending syslog messages to two servers. The servers archive messages every hour. Why would one server have 2% larger files than the other? Does the pix have a first choice server? thanks

0 Helpful
4 Replies 4

Solace
Level 1
Level 1

‎08-10-2005 10:22 AM

Is your syslog software configured the same on both machines? They could be logging at different log levels. The same goes for the PIX, it can log at different log levels to different syslog servers.

0 Helpful

abevers
Level 1
Level 1
In response to Solace

‎08-16-2005 10:40 AM

The software (Kiwi) is configured the same but the machines are not. One is an XP workstation and one is a 2003 server. Is there a way to tell if messages are being dropped? maybe compare message count on the pix with message count on the servers?

0 Helpful

jphilope
Level 3
Level 3
In response to abevers

‎08-16-2005 12:40 PM

Are both disk partitions NTFS or FAT? If they are different file structures, then that would clearly explain it. It might also be the file structure on the server versus workstation. All things being equal, you should expect equal file sizes, but all things are not equal in your configuration.

0 Helpful

tbissett
Level 1
Level 1

‎08-16-2005 12:55 PM

Also, don't forget that unless you are using syslog over TCP, syslog is based on UDP (i.e. "spray and pray"). There is no guarantee of delivery with UDP, so occasional messages could be dropping within your network.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card