
Pix Firewall logs to syslog - missing some logs

Occasional Advisor

Pix Firewall logs to syslog - missing some logs

Hi All,


In our environment firewall logs are configured to update in syslog.



Firewall side configuration.



logging enable
logging timestamp
logging buffered errors
logging trap informational
logging history errors
logging host inside x.x.x.x

Syslog logging: enabled
    Facility: 20


syslog conf     /logs/pix/xyz.log


*.info;local3.none;local4.none;local5.none;local6.none;local7.none;mail.none    /var/adm/syslog/syslog.log
*.alert;local3.none;local4.none;local5.none;local6.none;local7.none     /dev/console
*.alert;local3.none;local4.none;local5.none;local6.none;local7.none     root
*.emerg;local3.none;local4.none;local5.none;local6.none;local7.none     *


But now the issue is, for a particular time, say one minute, if we log it to server1, it logs around 200 messages in server1 /logs/pix/xyz.log, but if we log it to server2 it logs around 2000 messages in server2 /logs/pix/xyz.log.

What can be the issue?


Warm Regards,


Honored Contributor

Re: Pix Firewall logs to syslog - missing some logs

If the network between the firewall and server1 has a lot of other traffic, some of the log messages may be dropped in transit. The syslog protocol is very basic and does not have any protections against lost messages.

Occasional Advisor

Re: Pix Firewall logs to syslog - missing some logs

Hi MK,

Thank you. Let me check it out.

Warm Regards,
Anish T S
Occasional Advisor

Re: Pix Firewall logs to syslog - missing some logs

Hi MK & All,


Issue is resolved. It has taken a long time to troubleshoot. Used tusc to identify the root cause. In resolv.conf entry was there.


While adding data to syslog, syslogd is doing DNS lookups to localhost, where no DNS server was set up. So syslog is waiting for around 5 seconds to time out the DNS query. During this time a lot of logs will be discarded. Since it's the syslog protocol, as you said, it will not be regenerated. So we commented out the in resolv.conf and now everything is fine.


Warm Regards,

Anish T S
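
One way to confirm the symptom discussed in this thread from the stored logs themselves, added here as an example and not code posted by anyone in the thread: it counts stored messages per minute (the server1 versus server2 comparison) and reports silent windows in the firewall-side timestamps that `logging timestamp` adds, which is where a receiver that blocks for about 5 seconds per lookup would lose messages. The line layout, the host name `fw1`, the function names and the 4-second threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed layout: receiver's syslogd prefix, then the device timestamp that
# "logging timestamp" adds, then the %PIX-<level>-<id> tag.
DEVICE_TS = re.compile(r"(\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): %PIX-\d-\d+:")

def device_times(lines):
    """Sorted firewall-side timestamps found in the received log lines."""
    found = []
    for line in lines:
        m = DEVICE_TS.search(line)
        if m:
            stamp = " ".join(m.group(1).split())  # normalise "Mar  1" padding
            found.append(datetime.strptime(stamp, "%b %d %Y %H:%M:%S"))
    return sorted(found)

def per_minute(times):
    """Messages stored per minute, for comparing two receivers."""
    return Counter(t.strftime("%Y-%m-%d %H:%M") for t in times)

def stalls(times, min_gap=4):
    """(start, end, seconds) for silent windows of at least min_gap seconds.
    min_gap=4 is an assumed threshold just under the ~5 s timeout in the thread."""
    return [(a, b, int((b - a).total_seconds()))
            for a, b in zip(times, times[1:])
            if (b - a).total_seconds() >= min_gap]

def make_line(sec):
    """Constructed sample line (hypothetical host fw1), not real firewall output."""
    return (f"Mar 10 12:00:{sec:02d} fw1 Mar 10 2005 12:00:{sec:02d}: "
            "%PIX-6-302013: Built outbound TCP connection (constructed)")

if __name__ == "__main__":
    healthy = device_times(make_line(s) for s in range(20))
    stalled = device_times(make_line(s) for s in (0, 1, 6, 7, 12, 13, 18, 19))
    for name, times in (("healthy", healthy), ("stalled", stalled)):
        print(name, dict(per_minute(times)))
        for start, end, gap in stalls(times):
            print(f"  no messages for {gap}s: {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

Gaps are normal on a quiet firewall, so a window only points at loss on the receiver when a second receiver stored messages for the same seconds.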