Reading the PIX documentation (v7.2) I can find the following regarding logging host configuration: " If you specify TCP, the security appliance discovers when the syslog server fails and discontinues sending logs"
Will the firewall recover syslog service (i.e. restarts sending logs) after the server becomes online again? or manual intervention will be needed?
In my experience, it won't recover, but that was with 7.0, I think. I doubt that it's changed, but it was enough to prevent using TCP logging for us. Some drops were better than no logging...however, it is possible to make the firewall stop passing traffic if logging fails, I believe, so that could be used as an avenue toward recovery, if the tradeoff is acceptable.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...