Firewall Wizards mailing list archives

Re: Appropriate PIX logging level


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 26 Apr 2006 16:18:14 -0400

David Lang wrote:
I was actually just starting to look into this, I'm being blasted by the messages from the pix when it rejects a 
broadcast packet (I'm getting 43,000 log entries per day based on the firewalls rejecting each server that's in a HA 
configuration and using broadcast udp packets for their heartbeat, that adds up to a LOT of log entries when there 
are several dozen such clusters)

Well, that's .497 entries per second; your system can handle that load, I bet!!! :)
Why not just put something in front of your logging routines that filters out the
"junk" with a blacklist before letting it into the log? If you like massive overkill
you could use syslog-ng and zap the stuff with a pattern, but this is more a
job for a 10 line C program or a 5 line perl program.

mjr. 
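
A minimal version of the blacklist filter mjr describes, as an added example that is not code from the thread or from either poster. It reads syslog lines on stdin, drops lines matching any rule, passes the rest through, and counts what it suppressed so a sudden change in the junk volume stays visible; the PIX line format, the "inside" interface name and the 10.0.0.255 subnet broadcast are constructed assumptions.

```c
/* Added example (not from the thread): a small stdin->stdout syslog filter in
 * the spirit of the "10 line C program". Lines matching any blacklist rule are
 * dropped; everything else passes through unchanged. Dropped lines are counted
 * so the suppression stays visible (a spike in that count is worth a look). */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* A line is junk only if it contains EVERY substring of one rule, so a plain
 * "Deny udp" is not enough on its own; the destination must be a broadcast. */
#define MAX_PARTS 4
struct rule { const char *parts[MAX_PARTS]; };

static const struct rule BLACKLIST[] = {
    /* assumed interface name and subnet broadcast address, constructed */
    { { "Deny udp", "dst inside:10.0.0.255/", NULL } },
    { { "Deny udp", "dst inside:255.255.255.255/", NULL } },
};
#define NRULES (sizeof BLACKLIST / sizeof BLACKLIST[0])

/* Return 1 if the line matches a blacklist rule (drop it), otherwise 0. */
int is_junk(const char *line)
{
    for (size_t r = 0; r < NRULES; r++) {
        int all = 1;
        for (int p = 0; p < MAX_PARTS && BLACKLIST[r].parts[p]; p++)
            if (!strstr(line, BLACKLIST[r].parts[p])) { all = 0; break; }
        if (all) return 1;
    }
    return 0;
}

/* Copy the non-junk lines of in[] into out[]; return the number kept and
 * store the number suppressed in *dropped. */
size_t filter_lines(const char *const *in, size_t n, const char **out,
                    size_t *dropped)
{
    size_t kept = 0;
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        if (is_junk(in[i])) (*dropped)++;
        else out[kept++] = in[i];
    }
    return kept;
}

int main(void)
{
    char buf[4096];
    unsigned long dropped = 0;
    while (fgets(buf, sizeof buf, stdin)) {
        if (is_junk(buf)) dropped++;
        else fputs(buf, stdout);
    }
    fprintf(stderr, "suppressed %lu junk lines\n", dropped);
    return 0;
}
```

Run it as `syslog-source | ./filter >> clean.log`; the suppression count on stderr is the figure to trend, since a cluster heartbeat that stops being rejected (or starts being rejected far more often) shows up there first.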

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards