chetanvatika,

So as Gary and I have both pointed out if you use TCP Syslog in the PIX and the Syslog server doesn't acknowledge the Syslog messages back to the PIX; the PIX will think the Syslog server is down and stop creating new translations. This means no new sessions can be created by the PIX. You can use the command "logging permit-hostdown" to make the PIX with syslog set for TCP act the same as syslog set for UDP.

My recommendation is that unless you have a security policy that says "if we can't log traffic, then we shouldn't pass traffic", you should not use TCP syslog. It uses more processor cycles on your PIX, it creates more traffic, and you can accomplish the same thing using syslog over UDP.

My guess is that your syslog server might be busy at that time of day doing something that is scheduled (something other than Syslog).

Liberty for All,
Brian
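
Added example (not part of the original thread or any poster's code): a Python sketch that audits PIX logging lines for a TCP syslog host configured without "logging permit-hostdown", the fail-closed case described above, and runs the TCP port check suggested further down the thread. The function names and the sample config are constructed for illustration.

```python
import re
import socket

# Matches the TCP form used in the thread: "logging host inside 10.1.30.48 tcp/1058"
TCP_HOST = re.compile(r"^logging host (\S+) (\S+) tcp/(\d+)\s*$")


def audit_pix_logging(config_text):
    """Return TCP syslog hosts and whether the PIX would fail closed on them."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    permit_hostdown = "logging permit-hostdown" in lines
    hosts = []
    for ln in lines:
        m = TCP_HOST.match(ln)
        if m:
            hosts.append({"interface": m.group(1), "ip": m.group(2),
                          "port": int(m.group(3)),
                          "fail_closed": not permit_hostdown})
    return hosts


def tcp_port_open(ip, port, timeout=3.0):
    """TCP 'ping': True if the collector completes a handshake on ip:port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample, based on the settings quoted in this thread.
SAMPLE_CONFIG = """\
logging on
logging timestamp
logging trap debugging
logging host inside 10.1.30.48 tcp/1058
logging queue 100
"""

if __name__ == "__main__":
    for h in audit_pix_logging(SAMPLE_CONFIG):
        up = tcp_port_open(h["ip"], h["port"])
        print(f'{h["ip"]} tcp/{h["port"]} reachable={up} fail_closed={h["fail_closed"]}')
        if h["fail_closed"] and not up:
            print("  collector down: PIX will stop creating new connections")
```

A completed handshake only shows that something is listening on the port; it does not show that the syslog service is keeping up with messages, so a scheduled check around the time of the outage is more telling than a one-off run.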
--- In PIX_Firewall@yahoogroups.com, "chetanvatika" <chetanvatika y...> wrote:
>
> Thanks Brian,
>
> Syslog server is working pretty good on tcp/1058.
>
> I am facing the problem that my pix works fine all day but when it comes to night like around 6-7pm it stops creating new connections to outside interface and I have to reboot it.
>
> What can be the problem??
>
> Please help with this.
>
> ----- Original Message -----
> From: Brian
> To: PIX_Firewall@yahoogroups.com
> Sent: Friday, December 16, 2005 12:11 AM
> Subject: [PIX_Firewall] Re: PIX with Syslog
>
>
> Sri,
>
> Sure. Running PIX syslog over tcp/1058 should work.
>
> You need to check to make sure that any personal firewall on the syslog server allows that port. Some block high order tcp by default.
>
> You also have to remember that running syslog from PIX over TCP means that if the server signals unavailable the PIX will stop forwarding traffic.
>
> If you want to debug you need to #1 make sure you can ping the syslog server from the PIX and #2 find a ping tool that allows you to modify the port number and run it on a couple of PCs.
>
> Liberty for All,
>
> Brian
>
> --- In PIX_Firewall@yahoogroups.com, "Sridhar M.N." <sridmobile y...> wrote:
> >
> > Hello Brian,
> >
> > The default for syslog is UDP 514, but TCP 1058 works great for me. These are the settings I've enabled.
> >
> > logging host inside 10.1.30.48 tcp/1058
> > logging trap debugging
> > logging on
> > logging timestamp
> > logging standby
> > logging buffered notifications
> > logging history notifications
> > logging facility 16
> > logging queue 100
> >
> > In Kiwi setup, Under Inputs --> TCP, select Listen for TCP syslog messages.
> > TCP Port by default would be 1058
> > Bind to address --> Type in your system's IP address. In my case it's 10.1.30.48 and click OK
> >
> > I've attached the print screen of the kiwi setup too.
> >
> >
> > Brian <brford y...> wrote:
> > Sri, Chetan;
> >
> > The default port for Syslog is UDP 514. If this configuration isn't working it is because either the PIX or the Syslog server is sending / listening on the wrong port.
> >
> > Liberty for All,
> >
> > Brian
> >
> > --- In PIX_Firewall@yahoogroups.com, "Sridhar M.N." <sridmobile y...> wrote:
> > >
> > > Hi Chetan,
> > >
> > > Issue these commands in your cisco pix.
> > >
> > > logging on
> > > logging timestamp
> > > logging standby
> > > logging buffered notifications
> > > logging trap errors
> > > logging history notifications
> > > logging facility 16
> > > logging queue 100
> > > logging host inside ipaddress-of syslogd-server tcp/port-number
> > >
> > > example : logging host inside 10.1.2.5 tcp/1058
> > >
> > > 1058 is the default port number and should work fine in KIWI syslog server. But make sure that KIWI is listening on port number 1058. Hope this helps.
> > >
> > > chetanvatika <chetanvatika y...> wrote:
> > > Hi All,
> > >
> > > I installed KIWI syslogd on a computer.
> > > And configured the following command on PIX 506E but still it does not work.
> > > indiapix# sh logging
> > > Syslog logging: enabled
> > > Facility: 20
> > > Timestamp logging: disabled
> > > Standby logging: disabled
> > > Console logging: disabled
> > > Monitor logging: disabled
> > > Buffer logging: level debugging, 254617 messages logged
> > > Trap logging: level emergencies, 140 messages logged
> > > Logging to inside
> > > History logging: disabled
> > > Device ID: disabled
> > >
> > > When I do SH LOG on PIX it shows the log file but no entry had been done in Syslog server
> > >
> > > Please help me
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: Bob Du Charme (bducharm)
> > > To: PIX_Firewall@yahoogroups.com
> > > Sent: Friday, December 02, 2005 6:45 AM
> > > Subject: RE: [PIX_Firewall] PIX with Syslog
> > >
> > >
> > > Use an access-list to do this. Refer to http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755 for more details.
> > >
> > > Robert J. Du Charme, CCSP, ISSP, Cisco Systems
> > > Security Training Manager
> > > Critical Infrastructure Assurance Group (CIAG)
> > > (v) 512.378.1063 (f) 512.378.1361
> > > "Security Evangelist"
> > >
> > > http://www.cisco.com/go/ciag
> > >
> > >
> > >
> > >
> > > ---------------------------------
> > > From: PIX_Firewall@yahoogroups.com [mailto:PIX_Firewall@yahoogroups.com] On Behalf Of chetanvatika
> > > Sent: Wednesday, November 30, 2005 1:01 AM
> > > To: PIX_Firewall@yahoogroups.com
> > > Subject: Re: [PIX_Firewall] PIX with Syslog
> > >
> > >
> > >
> > > I tried doing this with Conduit but no success, can anyone provide me the correct syntax for this purpose.
> > >
> > > ----- Original Message -----
> > > From: Richards Aaron
> > > To: PIX_Firewall@yahoogroups.com
> > > Sent: Tuesday, November 29, 2005 7:27 PM
> > > Subject: RE: [PIX_Firewall] PIX with Syslog
> > >
> > >
> > > RDC? You mean RDP (Remote Desktop Protocol)? If you mean RDP, you need to allow port 3389 into your network from the outside to the specific machine you want to allow access to. If the computer you will be coming from has a static IP, then you can also put that in to lock it down more securely.
> > >
> > > Thank you,
> > > Aaron Richards
> > > Computer Specialist
> > > Office of Inspector General
> > > Ext. 6378
> > >
> > > -----Original Message-----
> > > From: PIX_Firewall@yahoogroups.com [mailto:PIX_Firewall@yahoogroups.com] On Behalf Of ChetanVatika
> > > Sent: Monday, November 28, 2005 11:50 PM
> > > To: PIX_Firewall@yahoogroups.com
> > > Subject: [PIX_Firewall] PIX with Syslog
> > >
> > > Thanks a lot guys,
> > >
> > > I got a huge and heavy response in this group. I would like to thank all of the guys who helped me set up the syslog server.
> > >
> > > Finally I used Kiwi syslog server.
> > >
> > > I have a little problem going on with RDC in PIX
> > >
> > > I want to do RDC from outside interface to a machine in inside interface.
> > >
> > > I know I will get a quick and helpful reply in this group.
> > >
> > > THANK U ALL,
> > >
> > > bye Chetan
Yahoo! Groups Links
<*> To visit your group on the web, go to: http://groups.yahoo.com/group/PIX_Firewall/
<*> To unsubscribe from this group, send an email to: PIX_Firewall-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/