09-18-2001 09:42 AM - edited 02-20-2020 09:49 PM
Is it possible to log the xlates occurring in a PIX firewall so I can go back later and see what internal address mapped to a particular external address? We have our xlate time set rather high because of the high volume of use our students have on the network and the need to be good stewards of our address space. Yet now, I am having some locations indicating some possible port scanning going on. By the time these locations contact me the xlate has long since changed to a different user. Is there any way to log xlates by time and date, either on the PIX for so long or externally using CiscoWorks or something else?
Thomas Knight
Taylor University
09-20-2001 10:11 AM
The PIX message that tracks connections is pix-6-305002. BUT:
in a high traffic network, this will impact performance greatly. It's an informational message.
I would suggest that you send it to a syslog server,
& then parse the output to a readable form. Don't forget timestamping.
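An added example (not from any poster in this thread) of the parsing step suggested above: it reads syslog-server output for the 305002 "Translation built" message, keeps a timestamped history per global address, and answers "which internal host held this external address at time T". The line layout, the 2001 year (syslog timestamps carry none), and the sample lines are all assumptions, and teardown messages are not tracked, so the answer is the most recent build at or before T.

```python
import re
from datetime import datetime

# Assumed layout: "<syslog timestamp> <host> %PIX-6-305002: Translation built for gaddr <global> to laddr <local>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ %PIX-6-305002: "
    r"Translation built for gaddr (?P<gaddr>[\d.]+) to laddr (?P<laddr>[\d.]+)"
)

# Constructed sample lines, not a real capture; the last line is noise that must be skipped.
SAMPLE_LOG = """\
Sep 18 08:01:12 pix1 %PIX-6-305002: Translation built for gaddr 203.0.113.10 to laddr 10.1.4.20
Sep 18 08:05:40 pix1 %PIX-6-305002: Translation built for gaddr 203.0.113.11 to laddr 10.1.7.33
Sep 18 09:30:05 pix1 %PIX-6-305002: Translation built for gaddr 203.0.113.10 to laddr 10.1.9.8
Sep 18 09:30:06 pix1 %PIX-6-999999: constructed noise line, not a translation message
"""


def parse_ts(ts, year=2001):
    """Syslog timestamps have no year, so the caller supplies it (assumed 2001 here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def parse_xlates(log_text, year=2001):
    """Return (built_at, gaddr, laddr) tuples in time order; non-305002 lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((parse_ts(m["ts"], year), m["gaddr"], m["laddr"]))
    events.sort()
    return events


def history(events, gaddr):
    """Readable timeline of every internal address that was mapped to gaddr."""
    return [(t.isoformat(sep=" "), l) for t, g, l in events if g == gaddr]


def who_had(events, gaddr, at, year=2001):
    """Internal address whose translation for gaddr was built most recently at or before 'at', or None."""
    cutoff = parse_ts(at, year)
    owner = None
    for built_at, g, l in events:  # events are sorted, so the last match wins
        if g == gaddr and built_at <= cutoff:
            owner = l
    return owner
```

The result is only as good as the timestamp on each line, which the syslog server (or the PIX, if timestamping is enabled) must add.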
09-21-2001 06:04 AM
Has Cisco released a PIX Syslog Server that will run on Win2000 yet?
Also, what level of logging are you doing to get this info?
09-25-2001 03:03 PM
You would need to set the logging level to 6 to get translation messages. If volumes are high keep an eye on memory and processor usage. Logging at that level for long periods of time will kill the performance at peak periods.
10-04-2001 09:13 AM
To my knowledge, Cisco does not have a Syslog server for Win2k at this time. However, you can obtain a very simple and free Syslog server from the following URL:
http://www.boson.com/promo/utilities/syslog/syslog_utility.htm
By default, it listens to the local7 facility.
However, I would really recommend you look into having some type of Linux based server.