topic Re: Log dropped packets to syslog server (PIX 506 v6.3) in Network Security https://community.cisco.com/t5/network-security/log-dropped-packets-to-syslog-server-pix-506-v6-3/m-p/579524#M527605 <HTML><HEAD></HEAD><BODY><P>Regarding the behaviour from the pix, it looks to me there is no logging problem and syslogs are not lost. You can verify this with a "show log queue" on the pix.</P><P>Instead, check if the "denied IP" you use to make tests is really routed to the pix, and not dropped somewhere else on the network.</P><P></P><P>HTH</P><P>Mike </P></BODY></HTML> Wed, 15 Feb 2006 16:42:06 GMT mpalardy 2006-02-15T16:42:06Z Log dropped packets to syslog server (PIX 506 v6.3) https://community.cisco.com/t5/network-security/log-dropped-packets-to-syslog-server-pix-506-v6-3/m-p/579523#M527603 <P>Hi,</P><P>I am new at setting up PIX firewall.. Hope that someone would give me some hints on how to log dropped packets to my syslog server. Here is what i have setup and tested..</P><P></P><P>1) I manage to setup remote logging for my syslog server, i could see PIX firewall logs appearing in /var/log/messages in the syslog server...</P><P>Feb 15 18:14:33 firewall1 Feb 15 2006 02:12:14: %PIX-5-111008: User 'enable_1' executed the 'enable' command.</P><P></P><P>2) Have added the following in the access_list...</P><P>access-list PERMIT_IN deny ip any any log</P><P>access-group PERMIT_IN in interface outside</P><P></P><P>3) Have set buffered logging to 6</P><P></P><P>4) Tried to telnet from a "denied" IP. However no logs appear in the syslog server and the dropped packet also did not appear in "show logging".</P><P></P><P>Here is "show logging" output...</P><P></P><P>Syslog logging: enabled</P><P> Facility: 20</P><P> Timestamp logging: enabled</P><P> Standby logging: disabled</P><P> Console logging: disabled</P><P> Monitor logging: disabled</P><P> Buffer logging: level errors, 126 messages logged</P><P> Trap logging: level notifications, 136 messages logged</P><P> Logging to inside 10.26.10.100</P><P> History logging: disabled</P><P> Device ID: disabled</P><P></P><P>Pls let me know if i have missed out something. Thanks.</P><P></P><P>regards,</P><P>thamch</P> Fri, 21 Feb 2020 08:42:49 GMT https://community.cisco.com/t5/network-security/log-dropped-packets-to-syslog-server-pix-506-v6-3/m-p/579523#M527603 thamchunhong 2020-02-21T08:42:49Z Re: Log dropped packets to syslog server (PIX 506 v6.3) https://community.cisco.com/t5/network-security/log-dropped-packets-to-syslog-server-pix-506-v6-3/m-p/579524#M527605 <HTML><HEAD></HEAD><BODY><P>Regarding the behaviour from the pix, it looks to me there is no logging problem and syslogs are not lost. You can verify this with a "show log queue" on the pix.</P><P>Instead, check if the "denied IP" you use to make tests is really routed to the pix, and not dropped somewhere else on the network.</P><P></P><P>HTH</P><P>Mike </P></BODY></HTML> Wed, 15 Feb 2006 16:42:06 GMT https://community.cisco.com/t5/network-security/log-dropped-packets-to-syslog-server-pix-506-v6-3/m-p/579524#M527605 mpalardy 2006-02-15T16:42:06Z