Your syslog server must be failing at that time. By
default, the PIX won't allow new connections thru it
if it can't log them to a TCP syslog server. It's a
security feature. You can get around this with the
command:
"logging permit-hostdown"
--- chetanvatika <chetanvatika yahoo.co.in> wrote:
> Thanks Brian,
>
> Syslog server is working pretty good on tcp/1058.
>
> I am facing the problem that my PIX works fine all
> day but when it comes to night, like around 6-7pm, it
> stops creating new connections to the outside interface
> and I have to reboot it.
>
> What can be the problem??
>
> Please help with this.
>
> ----- Original Message -----
> From: Brian
> To: PIX_Firewall@yahoogroups.com
> Sent: Friday, December 16, 2005 12:11 AM
> Subject: [PIX_Firewall] Re: PIX with Syslog
>
>
> Sri,
>
> Sure. Running PIX syslog over tcp/1058 should
> work.
>
> You need to check to make sure that any personal
> firewall on the
> syslog server allows that port. Some block high
> order tcp by default.
>
> You also have to remember that running syslog from
> PIX over TCP means
> that if the server signals unavailable the PIX
> will stop forwarding
> traffic.
>
> If you want to debug you need to #1 make sure you can ping the syslog
> server from the PIX and #2 find a ping tool that allows you to modify the
> port number and run it on a couple of PCs.
>
> Liberty for All,
>
> Brian
>
> --- In PIX_Firewall@yahoogroups.com, "Sridhar M.N." <sridmobile y...> wrote:
> >
> > Hello Brian,
> >
> > The default for syslog is UDP 514, but TCP 1058 works great for
> > me. These are the settings I've enabled.
> >
> > logging host inside 10.1.30.48 tcp/1058
> > logging trap debugging
> > logging on
> > logging timestamp
> > logging standby
> > logging buffered notifications
> > logging history notifications
> > logging facility 16
> > logging queue 100
> >
> > In Kiwi setup, under Inputs --> TCP, select Listen for TCP syslog messages.
> > TCP Port by default would be 1058
> > Bind to address --> Type in your system's IP address. In my case it's 10.1.30.48 and click OK
> >
> > I've attached the print screen of the kiwi setup too.
> >
> >
> > Brian <brford y...> wrote:
> > Sri, Chetan;
> >
> > The default port for Syslog is UDP 514. If this configuration isn't
> > working it is because either the PIX or the Syslog server is sending /
> > listening on the wrong port.
> >
> > Liberty for All,
> >
> > Brian
> >
> > --- In PIX_Firewall@yahoogroups.com, "Sridhar M.N." <sridmobile y...> wrote:
> > >
> > > Hi Chetan,
> > >
> > > Issue these commands on your Cisco PIX.
> > >
> > > logging on
> > > logging timestamp
> > > logging standby
> > > logging buffered notifications
> > > logging trap errors
> > > logging history notifications
> > > logging facility 16
> > > logging queue 100
> > > logging host inside ipaddress-of-syslogd-server tcp/port-number
> > >
> > > example : logging host inside 10.1.2.5 tcp/1058
> > >
> > > 1058 is the default port number and should work fine in KIWI
> > > syslog server. But make sure that KIWI is listening on port number
> > > 1058. Hope this helps.
> > >
> > > chetanvatika <chetanvatika y...> wrote:
> > > Hi All,
> > >
> > > I installed KIWI syslogd on a computer
> > > and configured the following command on PIX 506E, but it still
> > > does not work.
> > > indiapix# sh logging
> > > Syslog logging: enabled
> > > Facility: 20
> > > Timestamp logging: disabled
> > > Standby logging: disabled
> > > Console logging: disabled
> > > Monitor logging: disabled
> > > Buffer logging: level debugging, 254617 messages logged
> > > Trap logging: level emergencies, 140 messages logged
> > > Logging to inside
> > > History logging: disabled
> > > Device ID: disabled
> > >
> > > When I do SH LOG on the PIX it shows the log file, but no entry has
> > > been made in the Syslog server.
> > >
> > > Please help me
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: Bob Du Charme (bducharm)
> > > To: PIX_Firewall@yahoogroups.com
> > > Sent: Friday, December 02, 2005 6:45 AM
> > > Subject: RE: [PIX_Firewall] PIX with Syslog
> > >
> > >
> > > Use an access-list to do this. Refer to
> > > http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755
> > > for more details.
> > >
> > > Robert J. Du Charme, CCSP, ISSP, Cisco Systems
> > > Security Training Manager
> > > Critical Infrastructure Assurance Group (CIAG)
> > > (v) 512.378.1063 (f) 512.378.1361
> > > "Security Evangelist"
> > >
> > > http://www.cisco.com/go/ciag
> > >
> > >
> > >
> > >
> > > ---------------------------------
>
=== message truncated ===
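
Added example, not part of the original messages: a small Python check that reads the `logging host` and `logging permit-hostdown` lines from a saved PIX configuration and probes each TCP syslog listener, which is the "ping with a port number" test suggested in the thread. The sample config is constructed from the lines quoted above; the function names and the assumption that every `logging host` line names an interface are this example's own.

```python
import re
import socket

# Constructed sample: logging lines in the form quoted in the thread.
SAMPLE_CONFIG = """logging on
logging trap debugging
logging host inside 10.1.30.48 tcp/1058
"""
# Assumes the interface name is present, as in the thread's examples.
HOST_RE = re.compile(r"^logging host (\S+) (\S+)(?: (tcp|udp)/(\d+))?$", re.I)

def parse_logging(config):
    """Return (hosts, permit_hostdown) from PIX 'logging' lines."""
    hosts, permit = [], False
    for line in (l.strip() for l in config.splitlines()):
        if line.lower() == "logging permit-hostdown":
            permit = True
        m = HOST_RE.match(line)
        if m:
            iface, ip, proto, port = m.groups()
            hosts.append((iface, ip, (proto or "udp").lower(), int(port or 514)))
    return hosts, permit

def tcp_open(ip, port, timeout=3.0):
    """True if a TCP handshake to ip:port completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(config, probe=tcp_open):
    """Findings for TCP syslog hosts, which are the ones that can stall the PIX."""
    hosts, permit = parse_logging(config)
    findings = []
    for _iface, ip, proto, port in hosts:
        if proto != "tcp":
            continue
        up = probe(ip, port)
        if not up and not permit:
            findings.append(f"{ip}:{port} down: PIX refuses new connections")
        elif not up:
            findings.append(f"{ip}:{port} down: traffic passes (permit-hostdown)")
        elif not permit:
            findings.append(f"{ip}:{port} up: an outage would block new connections")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The probe only reports reachability from the machine it runs on, so run it from a host on the same segment as the PIX inside interface. Scheduling it around the time the outages start shows whether the syslog listener is what goes away.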