Re: Logging on a pix 515E

tbarberio · ‎03-05-2007

Is there a command I can enter in my config on the pix to log inbound traffic that is trying to come through a certain port? If so what is the command and how do I access the log?

vitripat · ‎03-05-2007

there is no command to log inbound traffic. Probably, you can have a syslog server setup, whill would log all the activity through/on PIX to a syslog server. Later you can use these log files for your analysis.

You can download a syslog server from following link, if required.

The name of the tool is Kiwi Syslog Server.

http://www.kiwisyslog.com/php/download.php?syslogd_kiwitools

Install the server on any system connected to PIX, and then reboot the server.

Now enter following commands on your PIX :

pix(config)# logging host [interface_name] [ip_address]

pix(config)# logging trap [level]

pix(config)# logging on

[interface_name] ----> name of interface on which syslog server is connected

(inside).

[ip_address] ----> ip address of workstation where you install sylog server.

[level] ----> level of logging desired.

Different levels are as follows:

0 - Emergencies - System unusable messages.

1 - Alerts - Take immediate attention.

2 - Critical - Critical Condition.

3 - Errors - Error messages (this is the default level)

4 - Warnings - Warning messages.

5 - Notifications - Normal but significant condition.

6 - Informational - Informational message.

7 - Debugging - Debug messages and log FTP commands and WWW URLs.

Either level no. or level name can be used in the above command.

Here is a link which tells in detail about all the syslog messages on PIX-

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/index.htm

Hope this is helpful.

Regards,

Vibhor.