[fw-wiz] Not getting all our denied logs from Cisco FWSM
While we're slogging through the beauracracy and shell game of our
TAC case at Cisco, I thought I'd ask the list whether any of you have
seen intermittent failures to send 106100 'denied' log entries from
your FWSM. We're on 2.3(3). As it turns out, these entries our
important to our operations and we're only getting about 10% of them.
We don't seem to be able to get around the deny-flow-max default of
4096. One would think that when those flows are exceeded, you would
just get the messages logged, wouldn't you? Am I missing something,
or is the firewall just throwing these away. We don't want it to do
I know Cisco is trying to not pass along a DOS here, but is there any
way to get them to STOP holding my hand and just send the logs?
The really annoying thing is, we get 100% of our 'permitted' 106100,
so I guess if someone is DOS-ing an open port they can get our syslog
server 'dos-ed' too.
firewall-wizards mailing list