https://community.cisco.com/t5/network-security/pix-logging/m-p/775643#M1003487 <HTML><HEAD></HEAD><BODY><P>First, if you enable the highest level of logging, you may get a performance hit. Generally, enabling the Debug level is only for troubleshooting. There are 8 levels of logging:</P><P>0 - Emergencies - system is unusable</P><P>1 - Alerts - Immediate action needed</P><P>2 - Critical - Critical conditions</P><P>3 - Errors - Error conditions</P><P>4 - Warnings - Warning conditions</P><P>5 - Notifications - Informational messages</P><P>6 - Informational - Normal but significant conditions</P><P>7 - Debugging - debug messages</P><P></P><P>Generally, if you want to be able to actually READ the logging files, setting to level 5 - Notifications would be enough. To capture the most information, set it to 6 - Informational.</P><P></P><P>#logging buffered info (if you want to see the logs on the PIX, "sho logg")</P><P>#logging trap info (or "notif" for less clutter) </P><P>I generally use the "informational" level on the trap (syslog) setting, and "notification" on the buffered logging.</P><P></P><P>#logging timestamp (add timestamps to logging)</P><P></P><P>You can enable the other logging options, but this could cause issues. (console logging will log to your console session, making it hard to see any commands entered or other information, Monitor logging will log to your remote access session (telnet, ssh))</P><P></P><P>Check out this URL about logging:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml</A></P><P></P><P></P></BODY></HTML> Fri, 08 Jun 2007 14:55:33 GMT rsmith 2007-06-08T14:55:33Z https://community.cisco.com/t5/network-security/pix-logging/m-p/775642#M1003476 <P>I am new to the PIX and want to make sure that the logging is as high as it can be.</P><P></P><P>If it isnt how can I raise the level of logging to the highest level.</P><P></P><P>###########CONFIG-PORTION-START##########</P><P>[sho config]</P><P>logging on </P><P>logging monitor debugging </P><P>logging trap notifications </P><P>logging history warnings </P><P>logging host inside XXX.XXX.XX.XX</P><P>...</P><P>[sho logging]</P><P>Syslog logging: enabled</P><P> Facility: 20</P><P> Timestamp logging: disabled</P><P> Standby logging: disabled</P><P> Console logging: disabled</P><P> Monitor logging: level debugging, 0 messages logged</P><P> Buffer logging: disabled</P><P> Trap logging: level notifications, 506680159 messages logged</P><P> Logging to inside XXX.XXX.XX.XX</P><P> History logging: level warnings, 502996377 messages logged</P><P> Device ID: disabled</P><P>###########CONFIG-PORTION-END##########</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 10:27:17 GMT https://community.cisco.com/t5/network-security/pix-logging/m-p/775642#M1003476 cadstillo 2019-03-11T10:27:17Z https://community.cisco.com/t5/network-security/pix-logging/m-p/775643#M1003487 <HTML><HEAD></HEAD><BODY><P>First, if you enable the highest level of logging, you may get a performance hit. Generally, enabling the Debug level is only for troubleshooting. There are 8 levels of logging:</P><P>0 - Emergencies - system is unusable</P><P>1 - Alerts - Immediate action needed</P><P>2 - Critical - Critical conditions</P><P>3 - Errors - Error conditions</P><P>4 - Warnings - Warning conditions</P><P>5 - Notifications - Informational messages</P><P>6 - Informational - Normal but significant conditions</P><P>7 - Debugging - debug messages</P><P></P><P>Generally, if you want to be able to actually READ the logging files, setting to level 5 - Notifications would be enough. To capture the most information, set it to 6 - Informational.</P><P></P><P>#logging buffered info (if you want to see the logs on the PIX, "sho logg")</P><P>#logging trap info (or "notif" for less clutter) </P><P>I generally use the "informational" level on the trap (syslog) setting, and "notification" on the buffered logging.</P><P></P><P>#logging timestamp (add timestamps to logging)</P><P></P><P>You can enable the other logging options, but this could cause issues. (console logging will log to your console session, making it hard to see any commands entered or other information, Monitor logging will log to your remote access session (telnet, ssh))</P><P></P><P>Check out this URL about logging:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml</A></P><P></P><P></P></BODY></HTML> Fri, 08 Jun 2007 14:55:33 GMT https://community.cisco.com/t5/network-security/pix-logging/m-p/775643#M1003487 rsmith 2007-06-08T14:55:33Z https://community.cisco.com/t5/network-security/pix-logging/m-p/775644#M1003496 <HTML><HEAD></HEAD><BODY><P>Thanks, how can I disable the timestamp logging?</P><P>-</P><P>Never mind I just saw it.</P><P></P><P>no logging timestamp</P><P></P><P>Thanks again for your help</P></BODY></HTML> Fri, 08 Jun 2007 15:47:52 GMT https://community.cisco.com/t5/network-security/pix-logging/m-p/775644#M1003496 cadstillo 2007-06-08T15:47:52Z https://community.cisco.com/t5/network-security/pix-logging/m-p/775645#M1003507 <HTML><HEAD></HEAD><BODY><P>NP... It is usually a good idea to keep timestamps on if you syslog multiple devices, so you can correlate log entries if any issues happen. (and, of course, Time Servers and NTP on all devices to keep them syncronized.)</P><P></P></BODY></HTML> Fri, 08 Jun 2007 15:53:21 GMT https://community.cisco.com/t5/network-security/pix-logging/m-p/775645#M1003507 rsmith 2007-06-08T15:53:21Z