Cisco Bug: CSCum89106 - [SIEM] CX syslog via TCP cannot detect server network connection issue
Aug 23, 2016
- Cisco ASA Next-Generation Firewall Services
Known Affected Releases
Symptom: An ASA CX device configured to export syslog events via unsecured TCP or TLS over TCP may not promptly detect a situation where the syslog receiver is offline or unreachable. Some events that would have been exported will be lost. However, ASA CX currently does not support backlog storage of exported syslog events that cannot be immediately exported, so even if the offline server were detected immediately, events could still be "dropped" while the server is offline. Consequently, the main impact of this defect is that no system events about the syslog server being offline is logged by ASA CX until the server down situation is (eventually) detected. Conditions: This problem can happen with an ASA CX device configured to export syslog events via unsecured TCP or TLS over TCP. The problem will happen if the syslog server (receiver) asynchronously goes offline (without initiating the TCP close protocol) after the ASA CX has established a connection with that server.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases