Re: Syslog problem with TCP port in PIX

wongsusanto · ‎01-15-2002

Hi All,

Did someone ever encounter PIX problem when the pix configured for the syslog server with tcp port ?

I encountered this problem when I configured the pix for syslog server with tcp port..the command is logging host <in_if> <host_ip> [tcp/port_number].

Actually there is no problem when the syslog server was up. But when I shut down the server..the pix suddenly can not route packet from inside to outside..but if I did pinging from pix to outside and inside are ok..only if I pinged from inside network, servers which are in inside network, the packets are stopped at pix. the pix image version is 5.1(2). is there any bugs on that version ??

I will really appreciate if some one can helps...

thanks and regards

r-simpson · ‎01-21-2002

Yes, we ran into this awhile back. We ended up switching back to a UDP logging host but I would guess Cisco fixed this in newer versions.

b-krigeris · ‎01-29-2002

I got this from this URL: http://www.cisco.com/warp/public/110/pixsyslog.html

In PIX Software versions 4.3.X and later, you can also do TCP syslog. PFSS supports this; most other syslog servers do not support it without reconfiguration. The command to enable PIX to do PFSS TCP logging is:

logging host #.#.#.# tcp 1740

Note: Because this traffic is TCP (that is, with acknowledgments), if the PFSS goes down, traffic through the PIX will stop; for that reason, the tcp syslog command should not be implemented unless you need this kind of functionality! UDP/514 syslogging does not have this effect.