<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> All, It appears I have a potentially unique problem. I've been through the mailing lists and support documentation everywhere and can't find a resolution so I am hoping someone else has seen this problem or something similar. We are running Nagios 2.2 on a linux server which sits in one dmz behind a Cisco Pix firewall. The Nagios server is checking the NRPE-NT 0.8b client on many Windows 2000/2003 servers in another dmz. We have a firewall policy that permit the Nagios server and associated NRPE port to connect to any host in the second dmz. Although Nagios is able to connect and receive responses from the NRPE clients, it appears that the connections are not being closed gracefully. My firewall the Pix, is being flooded with tons of Denial messages. I've done packet captures to try and isolate the problem, and it appears that the NRPE client is sending a frame without a FIN or SYN in it. This is causing my firewall to log a LOT more than it really needs to. Here is the the problem definition from Cisco:<big> </big>%PIX-6-106015: Deny TCP (no connection) from IP_addr/port to IP_addr/port flags flags on interface int_name. <pre></pre> Explanation - This message is logged when the PIX Firewall discards a TCP packet that has no associated connection in the PIX Firewall unit's connection table. PIX Firewall looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the PIX Firewall discards the packet. My log files are huge. I would really like to get them back down to a more manageable size. Any thoughts would be appreciated. Regards, Andrew </body> </html>