Recently I noticed there are a lot of fragmented packets on our core at regular intervals. After further investigation it appeared that nxlog on Windows and Windows Server hosts is sending syslog messages that are too big to our SIEM, and the hosts themselves are fragmenting the packets before they are sent out. Has anyone dealt with a similar problem? Not sure if sysadmin or networking will be more suitable for this question. Nxlog is using UDP; probably one way of solving it is switching to TCP. Do you have any other ideas or experiences?