04-01-2003 05:40 AM - edited 02-20-2020 10:39 PM
Hello,
Does anyone know any method to retrieve the logs directly from a PIX in an encrypted (i.e. secure) way without a VPN?
Thank you
Paolo
04-01-2003 08:25 AM
The PIX can only use syslog to send system messages. Therefore, there is no secure way to receive them over the network except over a VPN tunnel. You could use a console cable to log them to a directly connected host and then use SCP to move them to the desired location. Or forward syslog over SSH from that host.
Why are you avoiding the VPN scenario? What is the problem you need to solve?
04-02-2003 03:59 AM
I'm not sure, because I haven't tested it, but if you have an extra NIC in your PIX you can build a small secure LAN only for syslogging (not routed anywhere).
ip address Extra_NIC 10.0.0.1 255.255.255.252
logging host Extra_NIC 10.0.0.2
Then you should be able to set up a syslog server (10.0.0.2) and connect it with a UTP cable or media converters + fibre if you want to physically separate the syslog server from the PIX. The syslog server could have 2 NICs (the other on a "non-secure" routed LAN) and SSH installed for secure access to the logfiles.
BUT as mentioned earlier: I haven't tested this!!
Any comments?
It would be nice to have this solution confirmed or thrown in the bin, but I don't have access to a Lab-PIX.
/ Per
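One way to run the receiving side of the isolated logging LAN suggested above, as an added example that is not part of any post in this thread: a receiver that binds only to the logging NIC so UDP 514 is never exposed on the routed NIC, accepts datagrams only from the PIX address, and strips control characters before writing. The addresses 10.0.0.1 and 10.0.0.2 come from the post; the function names, the log file name and the sample message are assumptions made for illustration.

```python
import re
import socket

PIX_ADDR = "10.0.0.1"     # PIX Extra_NIC address, from the post
LISTEN_ADDR = "10.0.0.2"  # syslog server NIC on the logging LAN, from the post
SYSLOG_PORT = 514         # standard syslog UDP port

# <PRI>, optional timestamp/host, then %PIX-<severity>-<message id>: text
PIX_RE = re.compile(r"^<(\d{1,3})>.*?%PIX-([0-7])-(\d+): (.*)$", re.S)
CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample datagram (facility local4, severity 6), not a real capture.
SAMPLE = b"<166>%PIX-6-302013: Built outbound TCP connection (constructed sample)"

def parse_pix(datagram):
    """Return facility, severity, message id and text, or None if not PIX syslog."""
    m = PIX_RE.match(datagram.decode("ascii", "replace").strip())
    if not m or int(m.group(1)) > 191:  # PRI must be 0..191
        return None
    return {
        "facility": int(m.group(1)) >> 3,
        "severity": int(m.group(2)),
        "msg_id": m.group(3),
        # Replace control characters so an embedded newline cannot forge a log line.
        "text": CONTROL.sub(" ", m.group(4)),
    }

def accept(src_ip, datagram):
    """Accept only datagrams whose source address is the PIX on the logging LAN."""
    if src_ip != PIX_ADDR:
        return None
    return parse_pix(datagram)

def serve(logfile="pix.log"):  # hypothetical file name
    """Bind to the logging NIC only (never 0.0.0.0) and append accepted records."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((LISTEN_ADDR, SYSLOG_PORT))
    with open(logfile, "a") as out:
        while True:
            data, (src, _port) = sock.recvfrom(4096)
            rec = accept(src, data)
            if rec is not None:
                out.write(f"{src} sev={rec['severity']} id={rec['msg_id']} {rec['text']}\n")
                out.flush()

if __name__ == "__main__":
    serve()
```

Binding to port 514 needs root or an equivalent capability, and the SSH daemon for reading the log files stays on the other NIC as the post describes.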