Firewall Wizards mailing list archives
Re: Appropriate PIX logging level
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 26 Apr 2006 16:18:14 -0400
David Lang wrote:
I was actually just starting to look into this, I'm being blasted by the messages from the PIX when it rejects a broadcast packet (I'm getting 43,000 log entries per day based on the firewalls rejecting each server that's in a HA configuration and using broadcast udp packets for their heartbeat, that adds up to a LOT of log entries when there are several dozen such clusters)
Well, that's .497 entries per second; your system can handle that load, I bet!!! :)

Why not just put something in front of your logging routines that filters out the "junk" with a blacklist before letting it into the log? If you like massive overkill you could use syslog-ng and zap the stuff with a pattern, but this is more a job for a 10 line C program or a 5 line perl program.

mjr.
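The pre-log blacklist filter suggested in the message above, as an added example that is not part of the original post: it reads syslog lines on stdin, drops those matching a blacklist, and reports how many it suppressed so the filtered volume stays visible. The two patterns, the function names and the assumption that the heartbeats go to a /24 broadcast address ending in .255 are illustrative choices, not taken from the thread.

```c
/* Added example: drop blacklisted syslog lines before they reach the log. */
#include <regex.h>
#include <stdio.h>

/* Assumed patterns, written for constructed sample messages: UDP denies
 * whose destination ends in .255. Tune them to your own log text. */
static const char *BLACKLIST[] = {
    "Deny udp src [^ ]+ dst [^ ]+:[0-9.]+\\.255/",
    "Deny inbound UDP from [^ ]+ to [0-9.]+\\.255/",
};
#define NPAT (sizeof(BLACKLIST) / sizeof(BLACKLIST[0]))
static regex_t compiled[NPAT];
static int ready;

/* Compile the patterns once; returns 0 on success, -1 on a bad pattern. */
static int blacklist_init(void) {
    if (ready) return 0;
    for (size_t i = 0; i < NPAT; i++)
        if (regcomp(&compiled[i], BLACKLIST[i], REG_EXTENDED | REG_NOSUB) != 0)
            return -1;
    ready = 1;
    return 0;
}

/* Returns 1 if the line matches any blacklist pattern, else 0. */
int is_junk(const char *line) {
    if (blacklist_init() != 0) return 0; /* fail open: keep the log line */
    for (size_t i = 0; i < NPAT; i++)
        if (regexec(&compiled[i], line, 0, NULL, 0) == 0) return 1;
    return 0;
}

/* Copies in to out minus blacklisted lines; returns the number dropped.
 * Lines longer than the buffer are checked in pieces. */
long filter_stream(FILE *in, FILE *out) {
    char line[2048];
    long dropped = 0;
    while (fgets(line, sizeof line, in)) {
        if (is_junk(line)) dropped++;
        else fputs(line, out);
    }
    return dropped;
}

int main(void) {
    long dropped = filter_stream(stdin, stdout);
    /* Keep a record of what was filtered, even though the lines are gone. */
    fprintf(stderr, "filter: suppressed %ld blacklisted lines\n", dropped);
    return 0;
}
```

Unanchored patterns like these match anywhere in the line, so keep each one as narrow as the junk it targets; a deny for unicast UDP or for TCP passes through untouched.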