Cisco Support Community
New Member

Pix 515 failover inside interface have log

Dear all,

I have a failover PIX 515; the logging is configured as follows:

[logging on

logging standby

logging buffered debugging

logging trap debugging

logging host inside 210.177.52.33]

In the PIX menu, logging standby doubles the amount of traffic on the syslog server. My syslog server has logging from the failover interface:

Sep  5 00:00:23 [200.177.52.38.2.2] %PIX-6-302002: Teardown TCP connection 4011054 faddr 209.76.11.109/1147 gaddr 200.177.52.51/110 laddr 200.177.52.51/110 duration 0:00:01 bytes 222 (TCP FINs)

Sep  5 00:00:23 [200.177.52.39.2.2] %PIX-6-302002: Teardown TCP connection 4011054 faddr 209.76.11.109/1147 gaddr 200.177.52.51/110 laddr 200.177.52.51/110 duration 0:00:01 bytes 222 (TCP FINs)

Sep  5 00:00:41 [200.177.52.39.2.2] %PIX-6-302001: Built inbound TCP connection 4011055 for faddr 213.85.169.211/26181 gaddr 200.177.52.51/110 laddr 210.177.52.51/110

Sep  5 00:00:42 [200.177.52.38.2.2] %PIX-6-302001: Built inbound TCP connection 4011054 for faddr 213.85.169.211/26181 gaddr 200.177.52.51/110 laddr 200.177.52.51/110

200.177.52.38 is primary inside interface

200.177.52.39 is failover inside interface

Please verify whether the log is right or not.

Many thanks

KH

5 REPLIES
New Member

Re: Pix 515 failover inside interface have log

Logging standby makes the standby PIX send all syslogs, as well as the active PIX sending. This will cause duplicate entries in the log.

New Member

Re: Pix 515 failover inside interface have log

Hi,

You mean that clearing the syslog standby is better than before, so I only get the active logging once.

thanks

New Member

Re: Pix 515 failover inside interface have log

The only reason to log from the standby is if you are having issues with the standby PIX and/or failover. With logging standby disabled, you won't get any log messages from the secondary box, even messages that the standby PIX originates.

You usually don't want to leave logging standby enabled so that all messages aren't duplicated. Just turn it on if you really need to troubleshoot things.

Greg
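
An added example, not part of the thread and not Cisco code: when logging standby is left on for troubleshooting, a collector-side filter can drop the standby copies of messages the active unit also sent while keeping messages only the standby produced. The function names, the 192.0.2.x addresses, the sample lines and the `%PIX-1-000000` placeholder message are constructed for illustration.

```python
import re
from collections import Counter

# Line format as shown in the thread:
#   "Sep  5 00:00:23 [200.177.52.38.2.2] %PIX-6-302002: Teardown TCP connection ..."
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+"
    r"\[(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)*\]\s+"
    r"(?P<msg>%PIX-\d-\d+:.*)$"
)

def _parse(line):
    """Return (source_ip, message_text), or (None, None) if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None, None
    # Collapse whitespace so spacing differences do not defeat the comparison.
    return m.group("src"), " ".join(m.group("msg").split())

def filter_standby_duplicates(lines, active_ip, standby_ip):
    """Return (kept, dropped). A standby line is dropped only when the active
    unit sent the same message text; timestamps are ignored because the two
    units can log the same event a second apart and in either order."""
    active_seen = Counter(msg for src, msg in map(_parse, lines) if src == active_ip)
    kept, dropped = [], []
    for line in lines:
        src, msg = _parse(line)
        if src == standby_ip and active_seen[msg] > 0:
            active_seen[msg] -= 1   # pair each standby copy with one active copy
            dropped.append(line)
        else:
            kept.append(line)       # active, standby-only, or unparsed lines
    return kept, dropped

# Constructed sample (documentation addresses, not the poster's log).
ACTIVE, STANDBY = "192.0.2.38", "192.0.2.39"
SAMPLE = [
    "Sep  5 00:00:23 [192.0.2.38.2.2] %PIX-6-302002: Teardown TCP connection 100 faddr 198.51.100.9/1147 gaddr 192.0.2.51/110 laddr 192.0.2.51/110 duration 0:00:01 bytes 222 (TCP FINs)",
    "Sep  5 00:00:23 [192.0.2.39.2.2] %PIX-6-302002: Teardown TCP connection 100 faddr 198.51.100.9/1147 gaddr 192.0.2.51/110 laddr 192.0.2.51/110 duration 0:00:01 bytes 222 (TCP FINs)",
    "Sep  5 00:00:41 [192.0.2.39.2.2] %PIX-6-302001: Built inbound TCP connection 101 for faddr 198.51.100.7/26181 gaddr 192.0.2.51/110 laddr 192.0.2.51/110",
    "Sep  5 00:00:42 [192.0.2.38.2.2] %PIX-6-302001: Built inbound TCP connection 101 for faddr 198.51.100.7/26181 gaddr 192.0.2.51/110 laddr 192.0.2.51/110",
    "Sep  5 00:00:50 [192.0.2.39.2.2] %PIX-1-000000: constructed placeholder for a message only the standby emits",
]

if __name__ == "__main__":
    kept, dropped = filter_standby_duplicates(SAMPLE, ACTIVE, STANDBY)
    print(f"kept {len(kept)} lines, dropped {len(dropped)} standby duplicates")
```

Matching on message text rather than on timestamp is what lets the standby's "Built" line be paired with the active's copy even though it arrived a second earlier.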

New Member

Re: Pix 515 failover inside interface have log

Greg,

Many thanks for your advice,

best regards

Kh

New Member

Re: Pix 515 failover inside interface have log

With all this "debugging" turned on, you are downing your firewall!
