Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1818
Views
0
Helpful
4
Replies

Logging PIX xlates?

thknight
Level 1
Level 1

‎09-18-2001 09:42 AM - edited ‎02-20-2020 09:49 PM

Is it possible to log the xlates occuring in a PIX firewall so I can go back later and see what internal address mapped to a particular external address? We have our xlate time set rather high because of the high volume of use our students have on the network and the need to be good stewards of our address space. Yet now, I am having some locations indicating some possible port scanning going on. By the time these locations contact me the xlate has long since changed to a different user. Is there any way to log xlates by time and date either on the pix for so long or externally using CISCOWorks or something else?

Thomas Knight

Taylor University

thknight@tayloru.edu

0 Helpful
4 Replies 4

millerv
Level 1
Level 1

‎09-20-2001 10:11 AM

the pix message that tracks connections is

pix-6-305002. BUT:

in a hih traffic network, this will impact performance greatly. Its an informational message.

I would suggest that you send it to a syslog server,

& then parse the output to a readable form. Don't forget timestamping.

0 Helpful

thknight
Level 1
Level 1
In response to millerv

‎09-21-2001 06:04 AM

Has CISCO released a PIX Syslog Server that will run on Win2000 yet?

Also, what level of logging are you doing to get this info?

0 Helpful

thompson
Level 1
Level 1
In response to thknight

‎09-25-2001 03:03 PM

You would need to set the logging level to 6 to get translation messages. If volumes are high keep an eye on memory and processor usage. Logging at that level for long periods of time will kill the performance at peak periods.

0 Helpful

mweddle
Level 1
Level 1
In response to thknight

‎10-04-2001 09:13 AM

To my knowledge, Cisco does not have a Syslog server for Win2k at this time. However, you can obtain a very simple and free Syslog server from the following URL:

http://www.boson.com/promo/utilities/syslog/syslog_utility.htm

By default, it listens to the local7 facility.

However, I would really recommend you looking into having some type of linux based server.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card