Logging hangs the PIX - Stops internet traffic
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||
|
Posted by Tom on March 24, 2007, 6:06 am
Please log in for more thread options minutes to an hour sometimes. But inevitably something hangs. I know the PIX has hanged because all internet traffic stops. No one can get in or out using internet. I don't know about other routing such as SMTP, etc. Never checked because I have to get internet back online asap. Any ideas what I'm doing wrong? I need to get VPN logging activated, but it as soon as I turn it on, the PIX hangs. Thanks. | ||||||||||||||||
|
Posted by Walter Roberson on March 24, 2007, 12:34 pm
Please log in for more thread options >Any ideas what I'm doing wrong? I need to get VPN logging activated,
>but it as soon as I turn it on, the PIX hangs. Is it possible that you are running out of memory? Is it a PIX 501? Have you tried adjusting the logging queue parameter? Are you using UDP logging or TCP logging? UDP logging will just start throwing away messages if they can't be handled, but TCP logging is -intended- to stop traffic flow if it is unable to get an ACK from the logging socket. If you only need particular kinds of logs, you could use a whole lot of "no logging message" to disable the generation of all the messages except the ones you need. Alternately with PIX 6.3 and later, you can use "logging message" to boost level at which specific messages are logged, and then you can adjust the "logging trap" level to log less. For example, you could set "logging trap" to level 2 so that for the most part you only messages that the PIX considers high priority, but you could tweak something that would normally be logging level 4 so that it logs at level 2 instead, thus logging it while the rest of the level 4 messages were not logged. | ||||||||||||||||
|
Posted by Tom on March 24, 2007, 2:17 pm
Please log in for more thread options On Mar 24, 12:34 pm, rober...@hushmail.com (Walter Roberson) wrote:
>
> >We have enabled logging to a syslog server. This works fine for a few
> >minutes to an hour sometimes. But inevitably something hangs. I know > >the PIX has hanged because all internet traffic stops. No one can get > >in or out using internet. I don't know about other routing such as > >SMTP, etc. Never checked because I have to get internet back online > >asap. > >Any ideas what I'm doing wrong? I need to get VPN logging activated, > >but it as soon as I turn it on, the PIX hangs. >
> Is it possible that you are running out of memory? Is it a PIX 501? > Have you tried adjusting the logging queue parameter? > > Are you using UDP logging or TCP logging? UDP logging will just > start throwing away messages if they can't be handled, but TCP > logging is -intended- to stop traffic flow if it is unable to get an > ACK from the logging socket. > > If you only need particular kinds of logs, you could use a whole > lot of "no logging message" to disable the generation of all the > messages except the ones you need. Alternately with PIX 6.3 and later, > you can use "logging message" to boost level at which specific messages > are logged, and then you can adjust the "logging trap" level to log > less. For example, you could set "logging trap" to level 2 so that > for the most part you only messages that the PIX considers high > priority, but you could tweak something that would normally be > logging level 4 so that it logs at level 2 instead, thus logging it > while the rest of the level 4 messages were not logged. Thanks for the reply. I'll try your recommendations and post back. | ||||||||||||||||
>minutes to an hour sometimes. But inevitably something hangs. I know
>the PIX has hanged because all internet traffic stops. No one can get
>in or out using internet. I don't know about other routing such as
>SMTP, etc. Never checked because I have to get internet back online
>asap.