Decrease of huge amounts of messages (e.g. %CRYPTO-5-IKMP_INVAL_CERT: )?

ak1871
Level 1

In a really big secure network environment, under certain conditions there's the situation that in a short period of time a huge amount of messages from many encryption devices will be sent to the SYSLOG server, e.g. like this: '2009-06-08 09:06:48 Local7.Notice <IP> 46785: Jun 8 09:06:51 UTC+2: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from <IP> is bad: certificate invalid'.

Is there a possibility on the message producing device itself to limit (in a way) the amount of (these) messages before they are sent via the network? Or is the only solution to do so on the SYSLOG server via filtering itself?

Thanks for any suggestion.

Raffael

1 Reply

ldardon
Level 1

I think you should change the log queue size. It specifies the queue size for storing syslog messages on the firewall device when the syslog server is busy. Minimum is 1 message. Default is 512.

A zero value means an unlimited number of messages can be queued (subject to available block memory).

http://www.cisco.com/en/US/products/sw/cscowork/ps3992/products_user_guide_chapter09186a00801a6d63.html#3954395
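Added example, not part of either post: for the server-side filtering option raised in the question, this sketch collapses repeats of the same message from the same device about the same peer within a time window into one summary record with a count. The line format is taken from the log line quoted in the question; the IP addresses, sequence numbers, the 60-second window and the function name `summarize` are constructed assumptions.

```python
import re
from collections import OrderedDict
from datetime import datetime, timedelta

# Server-side line format quoted in the question:
# <date> <time> <facility.severity> <device> <seq>: <device time>: %FAC-SEV-MNEMONIC: text
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<device>\S+) \d+: "
    r".*?: %(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<text>.*)$")
PEER_RE = re.compile(r"received from (\S+)")

def summarize(lines, window_seconds=60):
    """Collapse repeats of one (device, tag, peer) inside a time window.

    Returns (first_seen, device, tag, peer, count) tuples; lines that do not
    match the format are passed through unchanged so nothing is lost silently.
    """
    window = timedelta(seconds=window_seconds)
    open_buckets = OrderedDict()          # key -> [first_seen, count]
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            out.append(line)
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        peer = PEER_RE.search(m["text"])
        key = (m["device"], m["tag"], peer.group(1) if peer else None)
        bucket = open_buckets.get(key)
        if bucket and ts - bucket[0] < window:
            bucket[1] += 1                # repeat inside the window: just count it
        else:
            if bucket:                    # window expired: emit the old summary
                out.append((bucket[0], *key, bucket[1]))
            open_buckets[key] = [ts, 1]
    out.extend((b[0], *k, b[1]) for k, b in open_buckets.items())
    return out

# Constructed sample lines in the quoted format (documentation IP ranges).
_T = ("{} Local7.Notice {} {}: Jun 8 09:06:51 UTC+2: %CRYPTO-5-IKMP_INVAL_CERT: "
      "Certificate received from 198.51.100.7 is bad: certificate invalid")
SAMPLE = [_T.format("2009-06-08 09:06:48", "192.0.2.10", 46785),
          _T.format("2009-06-08 09:06:49", "192.0.2.10", 46786),
          _T.format("2009-06-08 09:06:50", "192.0.2.11", 1201),
          _T.format("2009-06-08 09:08:05", "192.0.2.10", 46787)]

if __name__ == "__main__":
    for record in summarize(SAMPLE):
        print(record)
```

Keeping the count and first-seen time in each summary preserves the signal that a peer is repeatedly presenting an invalid certificate while cutting the stored volume.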