[fw-wiz] Not getting all our denied logs from Cisco FWSM
- From: Kim Cary <Kim.Cary@xxxxxxxxxxxxxx>
- Date: Tue, 29 Aug 2006 09:40:38 -0700
While we're slogging through the bureaucracy and shell game of our
TAC case at Cisco, I thought I'd ask the list whether any of you have
seen intermittent failures to send 106100 'denied' log entries from
your FWSM. We're on 2.3(3). As it turns out, these entries are
important to our operations and we're only getting about 10% of them.
We don't seem to be able to get around the deny-flow-max default of
4096. One would think that when those flows are exceeded, you would
just get the messages logged, wouldn't you? Am I missing something,
or is the firewall just throwing these away? We don't want it to do
I know Cisco is trying to not pass along a DOS here, but is there any
way to get them to STOP holding my hand and just send the logs?
The really annoying thing is, we get 100% of our 'permitted' 106100,
so I guess if someone is DOS-ing an open port they can get our syslog
server 'dos-ed' too.
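A defender-side check for the kind of gap described above, added here as an example and not part of the original post: it parses constructed %FWSM-6-106100 syslog lines (all addresses, ACL names and hit counts are made up), weights each record by its hit-cnt, and compares the share of denied traffic against a baseline share you measured when logging was known to be complete. The baseline threshold is an assumed operator-chosen parameter, not a Cisco value.

```python
import re
from collections import Counter

# Constructed sample lines in the FWSM/ASA 106100 format; the 302013 line is
# a different message type and shows that unrelated records are skipped.
SAMPLE_LOGS = """\
%FWSM-6-106100: access-list outside_in permitted tcp outside/203.0.113.10(44012) -> inside/192.0.2.25(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%FWSM-6-106100: access-list outside_in denied tcp outside/198.51.100.7(51000) -> inside/192.0.2.25(22) hit-cnt 1 first hit [0x5e6f7a8b, 0x0]
%FWSM-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.10/44012 to inside:192.0.2.25/443
%FWSM-6-106100: access-list outside_in permitted tcp outside/203.0.113.11(44100) -> inside/192.0.2.25(443) hit-cnt 8 300-second interval [0x1a2b3c4d, 0x0]
%FWSM-6-106100: access-list outside_in denied udp outside/198.51.100.9(53) -> inside/192.0.2.30(161) hit-cnt 3 300-second interval [0x9c8d7e6f, 0x0]
"""

# Captures the fields of a 106100 record up to the hit count; the trailing
# interval text and hash codes are not needed for this check.
LOG_RE = re.compile(
    r"%FWSM-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src_if>[^/]+)/(?P<src>[^(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

def parse_106100(lines):
    """Return one dict per 106100 record; other message types are ignored."""
    events = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["hits"] = int(rec["hits"])
            events.append(rec)
    return events

def action_counts(events):
    """Sum hit-cnt per action, so aggregated interval records count fully."""
    counts = Counter()
    for e in events:
        counts[e["action"]] += e["hits"]
    return counts

def denied_share(events):
    counts = action_counts(events)
    total = counts["permitted"] + counts["denied"]
    return counts["denied"] / total if total else 0.0

def logging_gap_suspected(events, baseline_denied_share):
    """True when denied records are far scarcer than the known-good baseline,
    which is what silent dropping of 'denied' 106100 messages looks like."""
    return denied_share(events) < baseline_denied_share

if __name__ == "__main__":
    evts = parse_106100(SAMPLE_LOGS.splitlines())
    print(action_counts(evts), round(denied_share(evts), 3))
    print("gap suspected:", logging_gap_suspected(evts, 0.5))
```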
firewall-wizards mailing list