12-11-2012 12:09 AM - edited 12-11-2012 12:14 AM
Hi All,
In our environment firewall logs are configured to update in syslog.
Firewall side configuration.
config
logging enable
logging timestamp
logging buffered errors
logging trap informational
logging history errors
logging host inside x.x.x.x
Syslog logging: enabled
Facility: 20
syslog conf
local4.info /logs/pix/xyz.log
*.info;local3.none;local4.none;local5.none;local6.none;local7.none;mail.none /var/adm/syslog/syslog.log
*.alert;local3.none;local4.none;local5.none;local6.none;local7.none /dev/console
*.alert;local3.none;local4.none;local5.none;local6.none;local7.none root
*.emerg;local3.none;local4.none;local5.none;local6.none;local7.none *
But now the issue is,
for a particular time, say one minute,
if we log it to server1, it logs around 200 messages in server1 /logs/pix/xyz.log.
But if we log it to server2, it logs around 2000 messages in server2 /logs/pix/xyz.log.
What can be the issue?
Warm Regards,
Anish
12-11-2012 04:27 AM
Re: Pix Firewall logs to syslog - missing some logs
If the network between the firewall and server1 has a lot of other traffic, some of the log messages may be dropped in transit. The syslog protocol is very basic and does not have any protections against lost messages.
12-11-2012 09:43 PM
Re: Pix Firewall logs to syslog - missing some logs
Thank you. Let me check it out.
Warm Regards,
Anish T S
01-10-2013 03:15 AM
Solution
Hi MK & All,
The issue is resolved. It has taken a long time to troubleshoot. Used tusc to identify the root cause. In resolv.conf, an entry for 127.0.0.1 was there.
While adding data to syslog, syslogd is doing DNS lookups to localhost, where no DNS server was set up. So syslog is waiting for around 5 seconds for the DNS query to time out. During this time a lot of logs will be discarded. Since it's the syslog protocol, as you said, they will not be regenerated. So we commented out the 127.0.0.1 in resolv.conf and now everything is fine.
Warm Regards,
Anish T S
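
The root cause reported in the last post (a resolv.conf nameserver entry with no DNS server behind it, so each lookup stalls the log collector until it times out) can be checked for on any syslog host. The following is an added example, not code from the thread: it parses resolv.conf text and sends one DNS query to each listed nameserver, flagging those that do not answer. The function names, the sample text and the 2-second timeout are assumptions made for illustration.

```python
import socket
import struct
import time

# Constructed sample input resembling the situation described in the thread.
SAMPLE = "search example.test\nnameserver 127.0.0.1\n# nameserver 192.0.2.10\n"

def parse_nameservers(resolv_conf_text):
    """Return the active nameserver addresses, ignoring '#' and ';' comments."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name="localhost", qid=0x1234):
    """Build a minimal DNS query (type A, class IN, recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def probe(server, port=53, timeout=2.0):
    """Send one query; return (answered, seconds_spent_waiting)."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    query = build_query()
    start = time.monotonic()
    answered = False
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))
            s.send(query)
            reply = s.recv(512)
            # Any reply carrying our query ID proves a resolver is listening.
            answered = len(reply) >= 12 and reply[:2] == query[:2]
        except OSError:  # timeout, ICMP port unreachable, no route
            pass
    return answered, time.monotonic() - start

def audit(resolv_conf_text, port=53, timeout=2.0):
    """Return [(nameserver, answered, seconds)] for every configured entry."""
    return [(ns, *probe(ns, port, timeout))
            for ns in parse_nameservers(resolv_conf_text)]

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for ns, ok, secs in audit(fh.read()):
            print(f"{ns}: {'answers' if ok else 'NO ANSWER'} after {secs:.2f}s")
```

A nameserver reported as NO ANSWER is one that every lookup on the syslog host will wait on, during which incoming UDP syslog messages can be discarded.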