[syslog-ng]pings from loghost

Brad Arlt arlt@cpsc.ucalgary.ca
Thu, 27 Dec 2001 07:10:53 -0700

On Thu, Dec 27, 2001 at 01:40:58PM +0100, Sippel, Christian wrote:
> I have set up a loghost using syslog-ng 1.4.14 on an AIX-Box. Now there is
> the phenomenon that the loghost tries to send ICMP echo requests (= pings)
> to machines from which it is receiving logs. Those pings are blocked by a
> firewall which is located between the loghost and the other computers. How
> can I stop the syslog-ng-machine from sending these pings? They are
> obviously not necessary for the proper work of syslog-ng as the loghost
> works very well even when the pings are blocked.

AIX uses ICMP echo requests as part of its PMTU discovery.  I had
thought PMTU discovery should only happen with TCP connections, but I
could be wrong (or you could be logging with TCP :).

I have been told by numerous people that it is possible to make AIX
either not issue ICMP echo requests as part of PMTU discovery or not
do PMTU discovery.  Either way I have no idea how, but atleast you should
have an idea of where to look in the manual, and what to blame.
   __o		Bradley Arlt				Security Team Lead
 _ \<_		arlt@cpsc.ucalgary.ca			University Of Calgary
(_)/(_) 	http://pages.cpsc.ucalgary.ca/~arlt/	Computer Science