[EMAIL PROTECTED] wrote:
>
> [syslogd dies, pix cpu load goes through ceiling]
> My second question is, how the heck does the PIX know that the syslog
> daemon is gone when it's using UDP !!!!!

Firewall sends a log packet to the syslog server.
Server box responds with an ICMP unreachable.
Pix sees ICMP unreachable, hates it, sends a log packet to the syslogd.
Server box responds with an ICMP unreachable.
Wash, rinse, repeat.
For all kinds of firewalls, it is a really good idea to drop
unreachables from the log server silently without logging.
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
"Senex semper diu dormit"
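
The loop described in this message, modelled as an added example (not code from the original post or from any firewall vendor). The policy tuples, function names and the 192.0.2.10 address are constructed for illustration, and the model assumes the firewall logs every inbound packet it drops unless a rule says otherwise.

```python
from collections import deque

LOG_SERVER = "192.0.2.10"  # constructed address (TEST-NET-1), not from the post

# Hypothetical rule format: (source or None for any, ICMP type or None for any,
# whether the drop is written to the log). First match wins.
DEFAULT_POLICY = [(None, None, True)]                        # drop and log everything
HARDENED_POLICY = [(LOG_SERVER, 3, False)] + DEFAULT_POLICY  # silent drop goes first


def drop_is_logged(policy, pkt):
    """Return True if dropping this inbound ICMP packet produces a log event."""
    for src, icmp_type, log in policy:
        if src in (None, pkt["src"]) and icmp_type in (None, pkt["icmp_type"]):
            return log
    return False


def syslog_packets_sent(policy, syslogd_up, initial_events=1, cap=10_000):
    """Count syslog datagrams the firewall emits for a burst of initial events.

    Reaching `cap` means the queue never drained: the feedback loop is unbounded.
    """
    queue = deque(["event"] * initial_events)
    sent = 0
    while queue and sent < cap:
        queue.popleft()
        sent += 1                      # one UDP/514 datagram to the log server
        if syslogd_up:
            continue                   # daemon reads it; UDP sends nothing back
        # No listener on the port: the server's IP stack answers with
        # ICMP destination unreachable (type 3), port unreachable (code 3).
        unreachable = {"src": LOG_SERVER, "icmp_type": 3, "icmp_code": 3}
        if drop_is_logged(policy, unreachable):
            queue.append("dropped ICMP unreachable")  # which must itself be logged
    return sent


if __name__ == "__main__":
    for name, policy in (("default", DEFAULT_POLICY), ("hardened", HARDENED_POLICY)):
        for up in (True, False):
            n = syslog_packets_sent(policy, up, initial_events=5)
            print(f"{name:8} syslogd_up={up!s:5} datagrams={n}")
```
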
_______________________________________________
Firewalls mailing list