Guest

Preview Tool

Cisco Bug: CSCum89106 - [SIEM] CX syslog via TCP cannot detect server network connection issue

Last Modified

Aug 23, 2016

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

100.4(0.0.61)

Description (partial)

Symptom:
An ASA CX device configured to export syslog events via unsecured TCP or TLS over TCP may not promptly detect a situation where the syslog receiver is offline or unreachable. Some events that would have been exported will be lost. However, ASA CX currently does not support backlog storage of exported syslog events that cannot be immediately exported, so even if the offline server were detected immediately, events could still be "dropped" while the server is offline. Consequently, the main impact of this defect is that no system events about the syslog server being offline is logged by ASA CX until the server down situation is (eventually) detected.

Conditions:
This problem can happen with an ASA CX device configured to export syslog events via unsecured TCP or TLS over TCP. The problem will happen if the syslog server (receiver) asynchronously goes offline (without initiating the TCP close protocol) after the ASA CX has established a connection with that server.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.