10-11-2002 01:01 AM - edited 03-09-2019 12:38 AM
Hi,
I tried yesterday to send logs to a Kiwi server in a DMZ, on port TCP 1468.
First I didn't get any messages, then the PIX stopped allowing any connections ->
I got the message (on the PIX, in the buffer) "PIX Disallow any connection"; I had to stop the syslog service (trap) and reboot the PIX.
Has someone had the same problem, and how did they fix it?
Thanks, Gael
10-11-2002 03:59 AM
Hi Gael,
You should NOT be using TCP for sending syslogs. TCP syslogging is only used with the PFSS syslog server and is designed for those users who want their PIX to stop passing traffic if connectivity is lost to the syslog server.
Consequently, you will probably want to change your logging to UDP.
logging host
Here's an excerpt of the relevant documentation on the pix logging command, as well as a link:
Logging
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid15
Usage Guidelines
If you are using TCP as the logging transport protocol, the PIX Firewall stops passing traffic as a security measure if any of the following error conditions occur: the PIX Firewall is unable to reach the syslog server; the syslog server is misconfigured (such as with PFSS, for example); or the disk is full. (UDP-based logging does not prevent the PIX Firewall from passing traffic if the syslog server fails.)
To enable the PIX Firewall to pass traffic again, do the following:
--------------------------------------------------------------------------------
Step 1 Identify and correct the syslog server connectivity, misconfiguration, or disk space error condition.
Step 2 Enter the command logging host inside 10.1.1.1 tcp/1468 to enable the logging again.
Alternatively, you can change the logging to default logging on UDP/514 by issuing the command logging host inside 10.1.1.1. UDP-based logging passes traffic even if the syslog server fails.
HTH
Jeff
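The fail-closed behaviour Jeff describes is why TCP logging deserves a reachability check before it is enabled. The following is an added example, not code from the thread or from Cisco: it builds a BSD-style syslog line, probes the syslog host over TCP the way a TCP syslog client would (a failure here is the condition under which the PIX stops passing traffic), and shows that a UDP send succeeds whether or not anything is listening. The host and ports are hypothetical placeholders.

```python
import socket
import threading
import time

# Hypothetical values for this example: replace with the real syslog host/ports.
SYSLOG_HOST = "127.0.0.1"
TCP_PORT = 1468   # TCP port used for Kiwi in the thread
UDP_PORT = 514    # default UDP syslog port


def syslog_message(facility: int, severity: int, hostname: str, text: str) -> bytes:
    """Build a BSD syslog (RFC 3164 style) line: <PRI>TIMESTAMP HOST TEXT."""
    pri = facility * 8 + severity
    ts = time.strftime("%b %d %H:%M:%S")
    return f"<{pri}>{ts} {hostname} {text}".encode()


def tcp_syslog_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Connect and send one message as a TCP syslog client would.
    If this fails, a PIX configured with 'logging host ... tcp/<port>' would
    stop passing traffic, so check it before enabling TCP logging."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(syslog_message(16, 6, "pix-test", "tcp reachability check") + b"\n")
        return True
    except OSError:
        return False


def udp_syslog_send(host: str, port: int) -> bool:
    """UDP is fire-and-forget: sendto() succeeds whether or not a server is
    listening, which is why UDP logging never blocks the firewall."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(syslog_message(16, 6, "pix-test", "udp check"), (host, port))
    return True


def run_test_listener(port: int) -> socket.socket:
    """Start a throwaway TCP listener on localhost (constructed stand-in for a
    syslog server) that accepts one connection, reads the message and closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)

    def accept_one():
        conn, _ = srv.accept()
        conn.recv(1024)
        conn.close()
    threading.Thread(target=accept_one, daemon=True).start()
    return srv


if __name__ == "__main__":
    print("tcp reachable:", tcp_syslog_reachable(SYSLOG_HOST, TCP_PORT))
    print("udp sent:", udp_syslog_send(SYSLOG_HOST, UDP_PORT))
```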
10-11-2002 04:21 AM
Hi
Well, I'm now using 3CDaemon (3cdv2r10.zip) from 3Com, which is also freeware:
-> http://www.3com.com/products/en_US/result.jspselected=3&sku=3C16951-US&sort=effdt&order=desc
(not better than Kiwi, but has FTP and TFTP servers included)
And as you told me, I changed to UDP 514.
It seems to work much better...
Thanks for the advice.
Gael