|
Thanks Brain and Gray,
I configured my SysLog server over udp port 1058
instead TCP port 1058
Now its is woking preety good. Just configured it
give me a day to monitor then i will give you all the correct
respnse.
Thanks Alot Brain and Gray.
thanX
Chetan
----- Original Message -----
Sent: Monday, December 19, 2005 12:34
AM
Subject: [PIX_Firewall] Re: PIX with
Syslog
chetanvatika,
So as Gary and I have both pointed
out if you use TCP Syslog in the
PIX and the Syslog server doesn't
acknowledge the Syslog messages back
to the PIX; the PIX will think the
Syslog server is down and stop
creating new translations. This means
no new sessions can be created
by the PIX. You can use the command
"logging permit-hostdown" to make
the PIX with syslog set for TCP act the
same as syslog set for UDP.
My recommendation is that unless you have a
security policy that says
"if we can't log traffic, then we shouldn't pass
traffic", you should
not use TCP syslog. It uses more processor
cycles on your PIX, it
creates more traffic, and you can accomplish the
same thing using
syslog over UDP.
My guess is that your syslog
server might be busy at that time of day
doing something that is scheduled
(something other than Syslog).
Liberty for
All,
Brian
--- In PIX_Firewall@yahoogroups.com,
"chetanvatika"
<chetanvatika y...> wrote:
>;
> ThanKX
Brain,
>;
> Syslog server is working preety good on
tcp/1058.
>
> I am facing the problem that my pix works fine all
day but when it
comes to night like aruond 6-7pm it stop creating new
connections to
outside interface and i have to reeboot it.
>
>
What can be the problem??
>
> Please help with this.
>
> ; ----- Original Message -----
> ; From:
Brian
> ; To: PIX_Firewall@yahoogroups.com
> ; Sent: Friday, December 16, 2005 12:11
AM
> Subject: [PIX_Firewall] Re: PIX with Syslog
>;
>
> ; Sri,
>
> ; Sure. ;
Running PIX syslog over tcp/1058 should work.
>
> ; You
need to check to make sure that any personal firewall on
the
> syslog server allows that port. ; Some block high
order tcp by default.
>
> ; You also have to remember
that running syslog from PIX over TCP means
> ; that if the
server signals unavailable the PIX will stop forwarding
>
traffic.
>
> ; If you want to debug you need to #1 make
sure you can ping the syslog
>; server from the PIX and #2
find a ping tool that allows you modify the
> port number
and run it on a couple of PCs.
>
> ; Liberty for
All,
>
> ; Brian
>
> ; --- In
PIX_Firewall@yahoogroups.com, "Sridhar M.N."
<sridmobiley...>
> wrote:
>;
>
> > Hello Brian,
>;
> ;
> ; > The default for
syslog is UPD 514, but TCP 1058 works great for
> me. These
are the settings I've enabled.
> ; > ;
> ; > logging host inside 10.1.30.48
tcp/1058
> > logging trap
debugging
> > logging on
>
> logging timestamp
> > logging
standby
> > logging buffered
notifications
> > logging history
notifications
> > logging facility 16
>
> logging queue 100
> > ;
> ; > In Kiwi setup, Under Inputs --> TCP,
select Listen for TCP syslog
>; messages.
>
> TCP Port by default would be 1058
>
> Bind to address --> Type in your system's IP address. In
my case
> its 10.1.30.48 and click OK
>
> ;
> ; > I've attached the
print screen of the kiwi setup too.
> >
> ; >
> ; > Brian <brfordy...>
wrote:
>; > Sri, Chetan;
>
>
> ; > The default port for Syslog is UDP 514.
If this configuration isn't
> ; > working it is because
either the PIX or the Syslog server is
sending /
> >
listening on the wrong port.
> ; >
> ;
> Liberty for All,
> >
> ; >
Brian
> ; >
> ; > --- In
PIX_Firewall@yahoogroups.com, "Sridhar
M.N."
<sridmobiley...>
> >
wrote:
>; > >
> > > Hi
Chetan,
> > > ;
> ;
> > Issues these commands in your cisco
pix.
> > > ;
> ; >
> logging on
> > > logging
timestamp
> > > logging standby
>
> > logging buffered notifications
> > > logging
trap errors
>; > > logging history
notifications
> > > logging facility
16
> > > logging queue 100
> >
> logging host inside ipaddress-of syslogd-server
tcp/port-number
> > > ;
> ; > > example : logging host inside
10.1.2.5 tcp/1058
> > > ;
> ; > > 1058 is the default port number and
should work fine in KIWI
> > syslog server. But make sure
that KIWI is listening on port number
>; > 1058. Hope this
helps.
> ; > >
> ; > >
chetanvatika <chetanvatikay...> wrote:
>; >
> ; font-face { font-family:
Wingdings; } font-face {
> ; >
font-family: Tahoma; } page Section1 {size: 8.5in 11.0in;
margin:
> > 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal { FONT-SIZE: 12pt;
MARGIN:
> >
0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal {
> ; > FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY:
"Times New
Roman"
> ; > } DIV.MsoNormal
{ FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt;
> >
FONT-FAMILY: "Times New Roman" } A:link { COLOR:
blue;
> ; > TEXT-DECORATION: underline }
SPAN.MsoHyperlink { COLOR: blue;
> ; >
TEXT-DECOR |