How do you log incoming traffic (SMTP) on a Cisco PIX 515E?

craigfay1983
Level 1

Hi Everyone,

I have a good one for you guys. I'm new to ASAs and PIX units. I've set up a few VPNs now but know next to nothing about logging on these units. I read the config guide for the PIX, but cannot figure out how to get a log of incoming SMTP traffic going on the console. Any ideas? Do I need to use a SYSLOG server? I can probably set one up on my laptop... Any replies would be appreciated. Thanks!

1 Reply

Jouni Forss
VIP Alumni

Hi,

Naturally a long term solution for gathering this information would be to send logs to a separate Syslog server.

On the syslog server you will have better tools to go through the logs than just looking at the log buffer on the CLI of the ASA/PIX or on the ASDM real time monitor.

The very basic "logging" configuration would be

logging on

logging timestamp

logging device-id hostname

logging trap informational (or notifications)

logging host <interface_name> <syslog_server_ip>

This would include only the logs for the syslog server.

There are options to tweak the log output but the above is a pretty basic setting without any extra.

With the above configuration (logging trap informational) you would get logs of every connection formed and every connection teardown. You could then parse the logs for the log messages of SMTP (TCP/25) connections. Naturally this would also log the same for translations and other information, and depending on the size of the network or the number of connections this might generate quite a lot of logs.

You can also configure a "log" keyword on "access-list" lines that permit traffic (SMTP in this case). You can also configure a non-default "level" for the messages after the "log" keyword.

Most of our Syslog setups log with pretty basic configurations and we use the Syslog server to check for the logs we need.

Your logging setup/configuration naturally depends on your needs. Is it something needed for long-term monitoring of connections or just for some quick troubleshooting purposes? Generally I think it would be good to keep logs of most things that happen on the firewall to help with troubleshooting etc.

- Jouni
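
The parsing step mentioned in the reply above, as an added example that is not part of the original thread: it pairs the firewall's TCP "Built" (302013) and "Teardown" (302014) messages by connection ID and keeps only inbound sessions to port 25. The sample lines are constructed, and the timestamp/hostname prefix is an assumption that depends on how your syslog server stores each line.

```python
import re

# Constructed sample lines shaped like PIX/ASA connection syslogs.
# Addresses are documentation ranges; the hostname "pixfw" is made up.
SAMPLE_LOG = """\
Jan 10 2013 14:22:01 pixfw : %PIX-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.10/51234 (203.0.113.10/51234) to inside:192.168.1.25/25 (198.51.100.5/25)
Jan 10 2013 14:22:02 pixfw : %PIX-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.80/80 (203.0.113.80/80) to inside:192.168.1.50/40112 (198.51.100.9/40112)
Jan 10 2013 14:22:03 pixfw : %PIX-6-305011: Built dynamic TCP translation from inside:192.168.1.50/40112 to outside:198.51.100.9/40112
Jan 10 2013 14:22:09 pixfw : %PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/51234 to inside:192.168.1.25/25 duration 0:00:08 bytes 4312 TCP FINs
Jan 10 2013 14:23:40 pixfw : %PIX-6-302013: Built inbound TCP connection 1003 for outside:203.0.113.77/40022 (203.0.113.77/40022) to inside:192.168.1.25/25 (198.51.100.5/25)
"""

# 302013: TCP connection built. The address part may be IPv6, so only the
# interface name is forbidden from containing ':'.
BUILT = re.compile(
    r"(?P<prefix>.*?)%(?:PIX|ASA)-\d-302013: Built (?P<dir>inbound|outbound) TCP "
    r"connection (?P<id>\d+) for [^:\s]+:(?P<src>[^/\s]+)/(?P<sport>\d+) "
    r"\([^)]*\) to [^:\s]+:(?P<dst>[^/\s]+)/(?P<dport>\d+)"
)
# 302014: TCP connection teardown, carrying duration and byte count.
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-\d-302014: Teardown TCP connection (?P<id>\d+) for .*? "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)"
)

def inbound_smtp_sessions(lines, port=25):
    """Return one dict per inbound connection to `port`, in log order."""
    sessions = {}
    for line in lines:
        m = BUILT.search(line)
        if m:
            if m["dir"] == "inbound" and int(m["dport"]) == port:
                sessions[m["id"]] = {
                    "logged": m["prefix"].strip(" :"),
                    "client": m["src"], "server": m["dst"],
                    "duration": None, "bytes": None,  # filled in at teardown
                }
            continue
        m = TEARDOWN.search(line)
        if m and m["id"] in sessions:
            sessions[m["id"]].update(duration=m["dur"], bytes=int(m["bytes"]))
    return list(sessions.values())

if __name__ == "__main__":
    for s in inbound_smtp_sessions(SAMPLE_LOG.splitlines()):
        print(s)
```

A session whose duration is still None had no teardown line in the input, meaning it was still open or the teardown message was not captured.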
