[146707] in North American Network Operators' Group
Re: ASA log viewer
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Sun Nov 20 17:34:59 2011
In-Reply-To: <B3EFDDF4FEB4EA4B860629A6EAB0A7B705632E27@SIDFWCRPMBX002.us.si.lan>
Date: Sun, 20 Nov 2011 16:33:52 -0600
From: Jimmy Hess <mysidia@gmail.com>
To: Joe Happe <Joe.Happe@archlearning.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, Nov 20, 2011 at 6:42 AM, Joe Happe <Joe.Happe@archlearning.com> wro=
te:
>udp for syslog the ASA won't be in this mode, and you won't block traffic =
if syslog fails. =A0With that said, there may be a command I'm unaware of t=
hat allows a tcp syslog to fail and not block traffic.
Yes.
logging permit-hostdown
However, if you don't need to refuse connections when TCP syslog
fails, then you don't need 100% of your syslog messages, you should
use UDP syslog for performance.
TCP just makes sure you will get all syslog messages between time A
and time B or none of them.
If there are WAN issues, there are many cases where one would prefer
SOME syslog messages, with an understanding that the network
bottleneck means messages are being lost, rather than few/no syslog
messages to help debug the issue
--
-JH
