Enabling logging on a DFW or Gateway Firewall rule for syslog service while using remote syslog causes 100% CPU on Edge

Article ID: 319023

Products

VMware NSX

Issue/Introduction

Symptoms:
  • A DFW or Gateway Firewall rule is created for syslog packets (UDP, port 514) with logging enabled
  • CPU on related Edges hits 100% with severe performance degradation

Cause

This issue occurs because every syslog packet is logged, and logging it generates a new syslog packet, which is logged in turn. The result is an infinite logging loop of syslog messages.

Resolution

Currently, there is no resolution.

Workaround:
To mitigate the impact of the logging loop, add a rule to the top of the firewall with the destination IP of the remote syslog server, with logging disabled.
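
The following check is an added example, not code from this article or from VMware NSX. It reports whether syslog traffic to the remote syslog server would hit a rule with logging enabled, and whether the workaround rule is placed high enough to prevent that. It assumes top-down, first-match rule evaluation; the `Rule` model, rule names and the address `192.0.2.50` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    # Simplified, hypothetical rule model (not an NSX export format).
    name: str
    dst: str              # CIDR, or "any"
    proto: str            # "udp", "tcp" or "any"
    port: Optional[int]   # None matches any port
    logged: bool

def first_match(rules, dst_ip, proto, port):
    """Return the first rule, top-down, that matches the packet (assumed first-match evaluation)."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.dst != "any" and addr not in ipaddress.ip_network(rule.dst):
            continue
        if rule.proto not in ("any", proto):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule
    return None

def syslog_loop_rule(rules, syslog_server, proto="udp", port=514):
    """Return the logged rule that the firewall's own syslog traffic hits, or None."""
    rule = first_match(rules, syslog_server, proto, port)
    return rule if rule is not None and rule.logged else None

# Constructed sample data; 192.0.2.50 is a documentation address.
SYSLOG_SERVER = "192.0.2.50"
LOG_SYSLOG = Rule("log-syslog", "any", "udp", 514, True)
NO_LOG = Rule("syslog-server-no-log", "192.0.2.50/32", "any", None, False)
DEFAULT = Rule("default", "any", "any", None, False)

LOOPING = [LOG_SYSLOG, DEFAULT]            # the symptom configuration
MITIGATED = [NO_LOG, LOG_SYSLOG, DEFAULT]  # workaround rule at the top
MISPLACED = [LOG_SYSLOG, NO_LOG, DEFAULT]  # workaround rule below the logged rule

if __name__ == "__main__":
    for label, rules in [("looping", LOOPING), ("mitigated", MITIGATED), ("misplaced", MISPLACED)]:
        hit = syslog_loop_rule(rules, SYSLOG_SERVER)
        print(label, "->", hit.name if hit else "no logged match")
```

The misplaced case shows why the workaround rule has to sit at the top: placed below the logged syslog rule, it is never reached.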