Hi,
Something weird happened just now, it's the first time my PIX 506E crashed. Suddenly I had no internet connection, the pix didn't respond to pings on the inside interface, and there was no response on the console port. There have been no configuration or rule changes this week and the PIX worked fine.
I'm logging everything from Informational and up, to a SQL backend via KIWI syslog (via UDP/514). PIX version is 6.3(3)
1. how can I figure out why the PIX crashed? I've looked through the events in the SQL database just before the crash and all I see is "normal" traffic (I compared it to data from the past week). Is there some way I can see what caused the crash?
2. Is there perhaps some other way of logging, so that in the event of a crash it is possible to see what caused it
3. When I flipped the switch to reset the pix, something happened I don't understand. The couple of syslog events where of traffic :
Built local-host inside:xxx.xxx.xxx.xxx
Built dynamic UDP translation from inside:xxx.xxx.xxx.xxx to outside:xxx.xxx.xxx.xxx
Built static TCP translation from inside:xxx.xxx.xxx.xxx to outside:xxx.xxx.xxx.xxx
Teardown UDP connection 0 for outside:xxx.xxx.xxx.xxx to inside:xxx.xxx.xxx.xxx duration 0:00:01 bytes 139
New user added to local dbase: Uname: xxxxx Priv: 15 Encpass: xxxxxxx
Cmd priv level changed: Var: show Cmd: ssh Priv Level
After that the event read: "PIX startup completed. Beginning operation."
It seems to me that that should be first and then the pix should process rules/traffic.
Maybe someone can tell me if that's "normal" ?
For now everything seems to be in working order but I would feel better if I know what happened.
Ray
Something weird happened just now, it's the first time my PIX 506E crashed. Suddenly I had no internet connection, the pix didn't respond to pings on the inside interface, and there was no response on the console port. There have been no configuration or rule changes this week and the PIX worked fine.
I'm logging everything from Informational and up, to a SQL backend via KIWI syslog (via UDP/514). PIX version is 6.3(3)
1. how can I figure out why the PIX crashed? I've looked through the events in the SQL database just before the crash and all I see is "normal" traffic (I compared it to data from the past week). Is there some way I can see what caused the crash?
2. Is there perhaps some other way of logging, so that in the event of a crash it is possible to see what caused it
3. When I flipped the switch to reset the pix, something happened I don't understand. The couple of syslog events where of traffic :
Built local-host inside:xxx.xxx.xxx.xxx
Built dynamic UDP translation from inside:xxx.xxx.xxx.xxx to outside:xxx.xxx.xxx.xxx
Built static TCP translation from inside:xxx.xxx.xxx.xxx to outside:xxx.xxx.xxx.xxx
Teardown UDP connection 0 for outside:xxx.xxx.xxx.xxx to inside:xxx.xxx.xxx.xxx duration 0:00:01 bytes 139
New user added to local dbase: Uname: xxxxx Priv: 15 Encpass: xxxxxxx
Cmd priv level changed: Var: show Cmd: ssh Priv Level
After that the event read: "PIX startup completed. Beginning operation."
It seems to me that that should be first and then the pix should process rules/traffic.
Maybe someone can tell me if that's "normal" ?
For now everything seems to be in working order but I would feel better if I know what happened.
Ray
