Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
431
Views
3
Helpful
2
Replies

Missing log from fwsm

justinvo
Level 1
Level 1

‎02-26-2007 05:09 PM - edited ‎03-09-2019 05:28 PM

Hi,

I noticed that some of our fwsm traffic log is not appearing in the syslog server. I noticed in the show logging queue, it's reporting discard messages like below:

fwsm# sh logg que

Logging Queue length limit : 512 msg(s), 921036 msg(s) discarded.

Current 512 msg on queue, 512 msgs most on queue

fwsm# sh logg que

Logging Queue length limit : 512 msg(s), 921654 msg(s) discarded.

Current 512 msg on queue, 512 msgs most on queue

Does anyone know what it mean by this ? I have tried to increase the queue to 2048 but after a few minutes, it start to fill up and discard message counter increase. I tried to set unlimited but the Current Msg counter keep increment without going down. Does this mean the fw is dropping or the syslog server is too slow to serve ?

Any comments or ideas are welcome

Thanks

Justin Vo

Labels:
0 Helpful
2 Replies 2

IWAN HOOGENDOORN
Level 1
Level 1

‎02-28-2007 12:45 AM

Hi,

Disable local logging ...

Only test with logging trap 4 and then with trap 7.

Check your logging server and check trough a repeated ping if the connection is not dropping.

If you find this post usefull

please don't forget to rate this

#########################################

#Iwan Hoogendoorn

#########################################

justinvo
Level 1
Level 1
In response to IWAN HOOGENDOORN

‎02-28-2007 02:38 AM

I have done some tests and what i found is the logging console 7 seem to be the cause. I turned it off and the queue reduced down to 0.

0 Helpful
Customers Also Viewed These Support Documents