[c-nsp] PIX syslog via TCP

nevot r.nevot at gmail.com
Fri Jul 1 13:57:45 EDT 2005


Hi,

I am asked to send the syslog from several PIXes ver 6.3.1 to a
central collector, but they want me to do it via TCP (reliability,
etc).

Reading in the documentation from cisco, they say TCP syslog is
intended to be made with PIX Firewall Syslog Server (PFSS), an app
running in WinNT, but they have a custom application, not this cisco
branded app.

My questions are these:
- How performance can be affected with this kind of syslog connection?
- Is syslog via TCP RFC compliant? (think it's rfc3195 but I think PIX
does not follow this RFC)
- What can be the PIX behaviour when the collector goes down?

And, that way, can be this goal (receiving via tcp) afforded with
syslog-ng? any experiences? are you deploying this with success?

Best regards!



More information about the cisco-nsp mailing list