PIX/ASA Syslog using TCP

Unanswered Question
Apr 4th, 2007
User Badges:

Hi,


Reading the PIX documentation (v7.2) I can find the following regarding logging host configuration: " If you specify TCP, the security appliance discovers when the syslog server fails and discontinues sending logs"


Will the firewall recover syslog service (i.e. restarts sending logs) after the server becomes online again? or manual intervention will be needed?


Thanks in advance.


Ricardo

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kofflerg Fri, 04/06/2007 - 13:58
User Badges:

In my experience, it won't recover, but that was with 7.0, I think. I doubt that it's changed, but it was enough to prevent using TCP logging for us. Some drops were better than no logging...however, it is possible to make the firewall stop passing traffic if logging fails, I believe, so that could be used as an avenue toward recovery, if the tradeoff is acceptable.


George

Actions

This Discussion