RE: [logs] firewall logging and rulesets

From: Brian Ford (brford@private)
Date: Thu Oct 23 2003 - 19:27:17 PDT

    J,
    
    At 06:59 AM 10/23/2003 +0200, Jørgen Hoffmeister wrote:
    
    >To Brian at Cisco: The way that PIX handles sending syslog events via TCP.
    >When the PIX can't see the syslog server by the third retry, it stops
    >sending syslog messages. Why have you not set up a retry connection, every
    >x minutes, to retry sending syslog messages again? It could be
    >useful. In older versions of the PIX software it didn't care that I
    >couldn't connect to the syslog server via TCP.
    
    So this behavior comes from how we solved the requirement to go into 
    blocking mode if the Firewall can't log.  At the time it was developed this 
    was about meeting a Fed/DoD requirement.  The team continues to look at 
    this and I think it will change as Syslog protocol matures.
    
    Liberty for All,
    
    Brian
    
    
    Brian Ford
    Consulting Engineer, Security & Integrity Specialist
    Office of Strategic Technology Planning
    Cisco Systems Inc.
    http://www.cisco.com/go/safe/
    
    The opinions expressed in this message are those of the author and not 
    necessarily those of Cisco Systems, Inc.
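The behaviour discussed above, a PIX that stops sending after its TCP syslog retries fail and goes into blocking mode, means the log collector never receives an error for the outage; the only signal on the collector side is silence. The following is an added example, not code from this post or from Cisco, of a per-host silence check run over constructed PIX-style syslog lines. The host names, message bodies, the reference time and the 5-minute threshold are assumptions chosen for illustration; the line format is the BSD syslog layout a PIX produces with timestamps enabled, which carries no year, so the caller supplies one.

```python
"""Flag firewalls that have gone silent on TCP syslog.

Added example, not from the mailing-list post. Assumes BSD-style lines
of the form "<pri>Mon DD HH:MM:SS host %PIX-sev-msgid: text"; all sample
data below is constructed.
"""
import re
from datetime import datetime, timedelta

# One syslog line as a PIX emits it with "logging timestamp" on. The year
# is not on the wire, so parse_line() takes it as a parameter.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"%PIX-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<msg>.*)$"
)

# Constructed sample lines (assumed hosts and addresses): "pix-edge" stops
# sending after 06:57:30, while "pix-dmz" keeps logging. One junk line is
# included to show that unparseable input is skipped, not fatal.
SAMPLE_LINES = [
    "<166>Oct 23 06:55:01 pix-edge %PIX-6-302013: Built inbound TCP connection 100 for outside:192.0.2.10/4455 (192.0.2.10/4455) to inside:10.0.0.5/80 (10.0.0.5/80)",
    "<166>Oct 23 06:55:03 pix-dmz %PIX-6-302013: Built inbound TCP connection 200 for outside:198.51.100.7/5123 (198.51.100.7/5123) to dmz:10.0.1.9/25 (10.0.1.9/25)",
    "<166>Oct 23 06:57:30 pix-edge %PIX-6-302014: Teardown TCP connection 100 for outside:192.0.2.10/4455 to inside:10.0.0.5/80 duration 0:02:29 bytes 5120 TCP FINs",
    "this line is not a PIX message and is skipped",
    "<166>Oct 23 07:05:12 pix-dmz %PIX-6-302014: Teardown TCP connection 200 for outside:198.51.100.7/5123 to dmz:10.0.1.9/25 duration 0:10:09 bytes 8800 TCP FINs",
    "<166>Oct 23 07:10:00 pix-dmz %PIX-6-302013: Built inbound TCP connection 201 for outside:198.51.100.8/5124 (198.51.100.8/5124) to dmz:10.0.1.9/25 (10.0.1.9/25)",
]

# Assumed "now" for the check, chosen so pix-edge is 14.5 minutes silent.
CHECK_TIME = datetime(2003, 10, 23, 7, 12, 0)


def parse_line(line, year=2003):
    """Return a dict for a PIX syslog line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
    return {
        "ts": ts,
        "host": m.group("host"),
        "severity": int(m.group("sev")),
        "msgid": m.group("msgid"),
        "msg": m.group("msg"),
    }


def last_seen(lines, year=2003):
    """Map each reporting host to the timestamp of its newest message."""
    seen = {}
    for line in lines:
        rec = parse_line(line, year)
        if rec is None:
            continue
        if rec["host"] not in seen or rec["ts"] > seen[rec["host"]]:
            seen[rec["host"]] = rec["ts"]
    return seen


def silent_hosts(lines, now, max_gap=timedelta(minutes=5), year=2003):
    """Return {host: seconds_silent} for hosts quiet for longer than max_gap.

    A host that has never logged at all cannot appear here; feed this
    function an expected-host list from inventory if that case matters.
    """
    return {
        host: int((now - ts).total_seconds())
        for host, ts in last_seen(lines, year).items()
        if now - ts > max_gap
    }


if __name__ == "__main__":
    for host, secs in silent_hosts(SAMPLE_LINES, CHECK_TIME).items():
        print(f"ALERT: {host} sent nothing for {secs}s; check TCP syslog "
              f"reachability and whether the firewall is blocking traffic")
```

In practice the threshold has to be tuned per device: a busy edge firewall logs connection builds every few seconds, so a short gap is already meaningful, whereas a quiet internal PIX may legitimately say nothing for minutes. The check is also only as good as the clocks involved; if the firewall's timestamps are untrusted, record the collector's receive time instead of parsing the one in the line.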
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    This archive was generated by hypermail 2b30 : Thu Oct 23 2003 - 19:31:29 PDT