https://community.cisco.com/t5/network-security/pix-515e-xlate-logging/m-p/223616#M568235 <P>Hello,</P><P> We have placed a 515E on our network and we want to be able to log who was what external IP address(or PAT port) when. It seems like a feature that everyone would use but for the life of me I can not figure it out. Have setup syslog but it does not help, nothing or to verbose(Every TCP connection logged). Figured it is something simple that I am over looking, Tryed a SNMP walk but could not find this data this way either. Could make a cronjob user that can only get the xlate but I am hoping there is a better way. Thanks for any help you can give...Scott</P> Fri, 21 Feb 2020 07:15:59 GMT sdaniels 2020-02-21T07:15:59Z https://community.cisco.com/t5/network-security/pix-515e-xlate-logging/m-p/223616#M568235 <P>Hello,</P><P> We have placed a 515E on our network and we want to be able to log who was what external IP address(or PAT port) when. It seems like a feature that everyone would use but for the life of me I can not figure it out. Have setup syslog but it does not help, nothing or to verbose(Every TCP connection logged). Figured it is something simple that I am over looking, Tryed a SNMP walk but could not find this data this way either. Could make a cronjob user that can only get the xlate but I am hoping there is a better way. Thanks for any help you can give...Scott</P> Fri, 21 Feb 2020 07:15:59 GMT https://community.cisco.com/t5/network-security/pix-515e-xlate-logging/m-p/223616#M568235 sdaniels 2020-02-21T07:15:59Z https://community.cisco.com/t5/network-security/pix-515e-xlate-logging/m-p/223617#M568236 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>SYSLOGS, with probably a logging level of 6, or 7. would give you information about the connections being made from what local to what global address.</P><P></P><P>thanks</P><P>Nadeem</P></BODY></HTML> Mon, 01 Mar 2004 21:16:41 GMT https://community.cisco.com/t5/network-security/pix-515e-xlate-logging/m-p/223617#M568236 nkhawaja 2004-03-01T21:16:41Z https://community.cisco.com/t5/network-security/pix-515e-xlate-logging/m-p/223618#M568237 <HTML><HEAD></HEAD><BODY><P>My guess is that you are looking for syslog messages 305011 and 305012 (<A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm</A>).</P><P></P><P>As Nadeem mentioned, these are level 6 messages in the 6.3 code. The problem with logging at level 6 (as you have seen) is that you get a *lot* of other info as well. If you are only interested in getting these 2 messages from the level 6 syslogs, you can change the default level they are given in the 6.3 code. For instance, let's say you normally just send level 3 and below messages to your syslog server. In the 6.3 code, you now have the option to assign syslog ID 305011 and 305012 as level 3 messages as well. This way, you get the info you need without overwhelming your syslog server with info you don't want. Here is a link that discusses this config parameter on the PIX:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1028090" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1028090</A></P><P></P><P>Good luck and let us know if you have any other questions concerning this or if this does not answer you question.</P><P></P><P>Scott</P></BODY></HTML> Tue, 02 Mar 2004 14:20:52 GMT https://community.cisco.com/t5/network-security/pix-515e-xlate-logging/m-p/223618#M568237 scoclayton 2004-03-02T14:20:52Z