Inconsitencies with FWSM context buffer logs and Syslog Server.

Unanswered Question
Nov 20th, 2008
User Badges:

Having a problem determining why certain log messages are not being received and/or appear different by the syslog server. On my FWSM context 3.2(4) logging is established with INFO for the trap setting on Facility 19. Noticed the following inconsistency with the messages.


FIREWALL: (real-time buffer)


Nov 20 2008 14:41:14 Firewall : %FWSM-6-302013: Built outbound TCP connection 146704929020420948 for ACL_INSIDE_IN:10.103.56.115/53049 (10.103.56.115/53049) to OUTSIDE:10.145.64.186/5989 (10.145.64.186/5989)

Nov 20 2008 14:41:21 Firewall : %FWSM-6-302013: Built inbound TCP connection 146054653791834182 for ACL_DMZ_IN:10.103.48.91/2073 (10.103.48.91/2073) to In-02-Win-2000:10.103.48.107/1433 (10.103.48.107/1433)


SYSLOG Server: (Setup as local3.*)


Nov 20 14:41:22 10.103.8.34 Nov 20 2008 14:41:21 Firewall : %FWSM-6-302013: Built inbound TCP connection 145918838336000046 for ACL_DMZ_IN:10.103.48.91/2073 (10.103.48.91/2073) to In-02-Win-2000:10.103.48.107/1433 (10.103.48.107/1433)

Nov 20 14:41:36 10.103.8.34 Nov 20 2008 14:41:35 Firewall : %FWSM-6-302013: Built outbound TCP connection 145816313171725930 for ACL_INSIDE_IN 10.103.56.115/53049 (10.103.56.115/53049) to OUTSIDE:10.145.64.186/5989 (10.145.64.186/5989


The connection values are different from Firewall real-time to Syslog server. I have disabled allot of messages thinking I have a bandwidth problem but in doing that nothing changed. I have also noticed that I never receive a Severity 4 (Deny/denied message) in the syslog.


And its only on this context as there are 6 Firewall contexts configured on this 6509. Any help greatly appreciated.

Thanks.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion