Firewall Wizards mailing list archives
Re: Appropriate PIX logging level
From: Tichomir Kotek <tichomir.kotek () lynx sk>
Date: Fri, 05 May 2006 09:40:21 +0200
Paul Melson wrote:
> -----Original Message-----
> Subject: Re: [fw-wiz] Appropriate PIX logging level
>
> David Lang wrote:
>
> > I was actually just starting to look into this, I'm being blasted by the
> > messages from the PIX when it rejects a broadcast packet (I'm getting
> > 43,000 log entries per day based on the firewalls rejecting each server
> > that's in an HA configuration and using broadcast UDP packets for their
> > heartbeat; that adds up to a LOT of log entries when there are several
> > dozen such clusters).
>
> If what you need is for the PIX to handle but not log certain policy
> events, use 'log disable' in your ACLs:
>
>   access-list acl_inside deny udp any host 10.0.255.255 eq 694 log disable
This actually will not work *when* 10.0.255.255 is the IP broadcast for the inside IP address. You will get zero ACL hits and a 710005 message telling you that something aimed at the inside intf was dropped. (Tested on 6.3 with UDP/137-138 broadcasts.)

tk

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
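The two suppression mechanisms the thread touches on, side by side, as an added configuration example that is not part of any message in the thread. It assumes a PIX 6.3 whose inside interface sits in 10.0.0.0/16 (so 10.0.255.255 is its directed-broadcast address), an ACL named acl_inside applied inbound on that interface as in Paul Melson's line, a heartbeat on UDP/694, and a constructed 710005 line in the comments; all of these are illustrative assumptions.

```text
! Added example, not from the thread. Assumes PIX 6.3, inside interface in
! 10.0.0.0/16 (broadcast 10.0.255.255), heartbeat on UDP/694.

! 1. ACL-level suppression. A denied unicast packet is normally reported as
!    106023 (or 106100 when the entry carries 'log'). Marking the entry
!    'log disable' keeps the deny in force but emits no syslog for it.
!    Note the 'host' keyword: a bare destination address needs it or a mask.
access-list acl_inside deny udp any host 10.0.255.255 eq 694 log disable
access-group acl_inside in interface inside

! 2. As Tichomir observed, a packet addressed to the interface's own
!    broadcast address never reaches the ACL, so the entry above shows
!    zero hits and the drop surfaces as a 710005 instead, e.g. (constructed):
!      %PIX-7-710005: UDP request discarded from 10.0.1.20/694 to inside:10.0.255.255/694
!    The lever for that message is the syslog ID itself:
no logging message 710005

! Caveat: this silences every 710005 on the box, not only the heartbeat
! noise. 710005 is a severity-7 (debugging) message, so a 'logging trap'
! level below debugging also keeps it off the collector. Restore it with
! 'logging message 710005' and confirm the current state with 'show logging'.
```

Check the effect with 'show access-list acl_inside' (hit counts on the 'log disable' entry stay at zero for broadcast traffic, which is the symptom Tichomir describes) and with 'show logging' to confirm which message IDs are disabled.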
Current thread:
- Re: Appropriate PIX logging level, (continued)
- Re: Appropriate PIX logging level Marcus J. Ranum (May 04)
- Re: Appropriate PIX logging level ArkanoiD (May 04)
- Re: Appropriate PIX logging level Marcus J. Ranum (May 04)
- Re: Appropriate PIX logging level Brian Loe (May 05)
- Re: Appropriate PIX logging level Chuck Swiger (May 05)
- Re: Appropriate PIX logging level ArkanoiD (May 05)
- Re: Appropriate PIX logging level Chuck Swiger (May 05)
- Re: Appropriate PIX logging level ArkanoiD (May 05)
- RE: Appropriate PIX logging level David Lang (May 04)
- Re: Appropriate PIX logging level Tichomir Kotek (May 05)