The Cisco PIX firewall offers secure, connection-oriented message logging using TCP instead of UDP. The default TCP port used for the PIX is port 1468. This port can be set to any value from 1 through 65535. If you change it, the Cisco PIX must also be configured to use the alternate port.
Because TCP is connection-oriented, the logging device (Kiwi Syslog Daemon) can let the PIX know when it can no longer accept any more messages, for example when the disk is full. To provide this feedback to the PIX, the Syslog Daemon simply closes the open connection. Kiwi Syslog Daemon checks the available disk space on the logging drive, and if the percentage of free space falls below the set threshold, it breaks the TCP connection to the PIX. This causes the PIX to stop passing any traffic until Kiwi Syslog Daemon accepts connection requests from the PIX again. As soon as the percentage of free disk space rises above the threshold, Kiwi Syslog Daemon accepts log messages from the PIX again and traffic starts flowing.
Warning: If you enable disk space checking and the free disk space falls below the set threshold, all PIX traffic will stop. This means no Internet access for your users. Only enable this option if log integrity is more important than your users having access to the Internet.
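The feedback mechanism described above can be reproduced with a small TCP receiver for testing how a sender reacts when the log collector stops accepting messages. This is an added example, not Kiwi Syslog Daemon's code: the names `PixLogServer`, `probe` and `free_percent`, the 10% threshold, and newline-terminated message framing are all assumptions.

```python
import shutil
import socket
import socketserver
import threading

def free_percent(path="."):
    """Percentage of free space on the volume that holds `path`."""
    usage = shutil.disk_usage(path)
    return 100.0 * usage.free / usage.total

class PixLogHandler(socketserver.StreamRequestHandler):
    def handle(self):
        srv = self.server
        for raw in self.rfile:  # assumption: one message per newline-terminated line
            if srv.free_pct_fn() < srv.threshold_pct:
                return  # returning closes the socket; the sender sees the drop
            with srv.lock:  # this list stands in for the log file on disk
                srv.messages.append(raw.decode("utf-8", "replace").rstrip("\r\n"))

class PixLogServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr, threshold_pct, free_pct_fn=free_percent):
        super().__init__(addr, PixLogHandler)
        self.threshold_pct = threshold_pct
        self.free_pct_fn = free_pct_fn
        self.messages = []
        self.lock = threading.Lock()

    def verify_request(self, request, client_address):
        # While below the threshold, new connection attempts are closed at once.
        return self.free_pct_fn() >= self.threshold_pct

def probe(port, line, wait=0.5):
    """Send one message; True if the receiver kept the connection open."""
    with socket.create_connection(("127.0.0.1", port), timeout=wait) as s:
        try:
            s.sendall(line.encode() + b"\n")
            return s.recv(1) != b""  # b"" means the receiver closed on us
        except socket.timeout:
            return True  # silence: still connected, message accepted
        except OSError:
            return False  # connection reset by the receiver

if __name__ == "__main__":
    srv = PixLogServer(("0.0.0.0", 1468), threshold_pct=10.0)  # 10% is a sample value
    print("free space: %.1f%%" % free_percent())
    srv.serve_forever()
```

Passing a custom `free_pct_fn` lets you simulate a full disk without filling one, which is the safe way to rehearse the traffic-stop condition from the warning before enabling the option in production.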