Cisco Support Community
Community Member

Decrease of huge amounts of messages (e.g. %CRYPTO-5-IKMP_INVAL_CERT: )?

In a really big secure network environment under certain conditions there's the situation that in a short period of time a huge amount of messages from many encryption devices will be sent to the SYSLOG server, e.g. like this: '2009-06-08 09:06:48 Local7.Notice <IP> 46785: Jun 8 09:06:51 UTC+2: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from <IP> is bad: certificate invalid'.

Is there a possibility on the message producing device itself to limit (in a way) the amount of (these) messages before they are sent via the network? Or is the only solution to do so on the SYSLOG server via filtering itself?

Thanks for any suggestion.

Raffael

1 REPLY
Community Member

Re: Decrease of huge amounts of messages (e.g. %CRYPTO-5-IKMP_IN

I think you can change the log queue size. It specifies the queue size for storing syslog messages on the firewall device when the syslog server is busy. Minimum is 1 message. Default is 512.

A zero value means an unlimited number of messages can be queued (subject to available block memory).

http://www.cisco.com/en/US/products/sw/cscowork/ps3992/products_user_guide_chapter09186a00801a6d63.html#3954395
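
The server-side filtering the question raises can be sketched as follows. This is an added example, not part of the original posts and not a Cisco tool: it parses lines in the layout quoted in the question and forwards only the first message per reporting device, message tag and text within a time window, replacing the repeats with one count line. The function name, the 5-minute window and the sample addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout of the line quoted in the question: collector timestamp, facility.level,
# reporting device, then the IOS message "%FACILITY-SEVERITY-MNEMONIC: text".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<device>\S+) "
    r".*?%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<text>.*)$"
)

def suppress_repeats(lines, window=timedelta(minutes=5)):
    """Forward the first message per (device, tag, text) in each window and
    replace the repeats with one summary line. Unparsed lines pass through."""
    out, open_windows = [], {}   # key -> [window_start, suppressed_count]

    def close(key):
        start, suppressed = open_windows.pop(key)
        if suppressed:
            device, tag, text = key
            out.append(f"{start:%Y-%m-%d %H:%M:%S} {device} %{tag}: "
                       f"{suppressed} repeats suppressed: {text}")

    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            out.append(line)          # never drop what cannot be classified
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["device"], m["tag"], m["text"])
        if key in open_windows and ts - open_windows[key][0] >= window:
            close(key)                # window expired: emit its summary first
        if key in open_windows:
            open_windows[key][1] += 1
        else:
            open_windows[key] = [ts, 0]
            out.append(line)
    for key in list(open_windows):    # flush summaries for windows still open
        close(key)
    return out

# Constructed sample in the layout of the quoted line (documentation IP ranges).
_FMT = ("2009-06-08 {t} Local7.Notice {dev} {seq}: Jun 8 {t} UTC+2: "
        "%CRYPTO-5-IKMP_INVAL_CERT: Certificate received from {peer} is bad: "
        "certificate invalid")
SAMPLE = [_FMT.format(t=t, dev=d, seq=s, peer="198.51.100.7") for t, d, s in [
    ("09:06:48", "192.0.2.10", 46785), ("09:06:49", "192.0.2.10", 46786),
    ("09:06:50", "192.0.2.10", 46787), ("09:06:50", "192.0.2.11", 112),
    ("09:12:00", "192.0.2.10", 46790)]]

if __name__ == "__main__":
    print("\n".join(suppress_repeats(SAMPLE)))
```

Because the peer address is part of the message text, invalid certificates from different peers are still reported separately, so a new failing peer is not hidden behind an existing flood.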
