Re: [fw-wiz] Acqusition of time
From: Kevin Steves (stevesk@pobox.com)
Date: 01/31/03
- Next message: anil bindal: "[fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?"
- Previous message: Tina Bird: "Re: [fw-wiz] Kiwi perspective on logs in court"
- In reply to: Ben Nagy: "Re: [fw-wiz] Acqusition of time"
- Next in thread: Reckhard, Tobias: "RE: [fw-wiz] Acqusition of time"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Kevin Steves <stevesk@pobox.com> To: Ben Nagy <ben@iagu.net> Date: Fri Jan 31 07:59:03 2003
On Thu, Jan 30, 2003 at 09:24:00AM +0100, Ben Nagy wrote:
> I could maybe be convinced that the "best" behaviour would be to start
> marking log entries somehow as soon as NTP sync got lost or the correction
> was larger than a few seconds, but I'm not sure it's anywhere near as
> serious as losing logging ability. (That said, how many people use PIXes
> that log via standard, lossy, syslog ? ;)
PIX will block if using TCP syslog and the log server dies. NTP is
fairly new in PIX and I'm not sure if it blocks if it loses NTP
peers/sync. Seems rather drastic.
Regarding logging, IOS will indicate in logs when logging with
timestamp (I think) whether time is not authoritative and if using NTP
whether it's not synched. '*' and '.' before the time as I recall.
Don't know offhand if PIX does that.
But then, if you don't log, as discussed in the recent thread that
died, it doesn't matter :)
- Next message: anil bindal: "[fw-wiz] What is the difference between stateful packet filtering and Stateful pkt inspection ?"
- Previous message: Tina Bird: "Re: [fw-wiz] Kiwi perspective on logs in court"
- In reply to: Ben Nagy: "Re: [fw-wiz] Acqusition of time"
- Next in thread: Reckhard, Tobias: "RE: [fw-wiz] Acqusition of time"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
