J,

At 06:59 AM 10/23/2003 +0200, Jørgen Hoffmeister wrote:
>To Brian at Cisco : The way that PIX handles to send syslog events via TCP.
>When the PIX can't see the syslog server by the third retry, then it stops
>sending syslog messages. Why have you not set up a retry connection, by
>every x minutes to retry sending syslog messages again. It could be
>useful. In older versions of the PIX Software it didn't care about that I
>couldn't connect to the syslog server via TCP.

So this behavior comes from how we solved the requirement to go into blocking mode if the Firewall can't log. At the time it was developed this was about meeting a Fed/DoD requirement. The team continues to look at this and I think it will change as Syslog protocol matures.

Liberty for All,

Brian

Brian Ford
Consulting Engineer, Security & Integrity Specialist
Office of Strategic Technology Planning
Cisco Systems Inc.
http://www.cisco.com/go/safe/

The opinions expressed in this message are those of the author and not necessarily those of Cisco Systems, Inc.
This archive was generated by hypermail 2b30 : Thu Oct 23 2003 - 19:31:29 PDT