Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
4
Replies

Monitor logging on PIX515(E)

dannypostma
Level 1
Level 1

‎02-13-2008 06:28 AM - edited ‎03-11-2019 05:02 AM

Hi,

We have a PIX515(E) and we want to monitor the traffic. So that we have the posibility to see which user is visiting which websites and how often. I believe there is a certain logging command, isn't there?

Could anyone tell me which logging that would be and how to turn in on?

Thanks in advance.

Danny.

Labels:
0 Helpful
4 Replies 4

abinjola
Cisco Employee
Cisco Employee

‎02-13-2008 06:36 AM

Logs at debug level would not tell you which website you visits but would definitely tell you the ip address..along with the ports information...

First you would need to install a syslog server software on one of the computers. You may

download one of the popular kiwisyslog server from

http://www.kiwisyslog.com/software_downloads.htm .

It is listed as Kiwi Syslog Daemon and latest version is 7.1.0. You may download standard

edition that runs as a program.

Once the syslog server is installed you will then need to login into the PIX in

configuration terminal mode and enter the following commands.

logging host [in_if_name] ip_address

(example: logging host inside 1.2.3.4

We are assuming syslog server is installed on computer with IP address 1.2.3.4 in the

inside network.)

logging timestamp

logging trap 7

logging on

"Logging on level 7 is only for debugging purposes and do not leave pix on level 7 "

see if this helps !

0 Helpful

cisco24x7
Level 6
Level 6
In response to abinjola

‎02-13-2008 07:52 AM

logging on

logging host 1.2.3.4

logging timestamp

logging trap 6

you do NOT need "logging trap 7" to tell you which website users visit. "logging trap 6"

will generate less syslog messages and it also

can tell you which website user(s) visit.

They both can tell you the same thing but

"logging trap 6" generates much less message.

I am not a windows person. If you use

Linux/Unix syslog-ng, you can have granular

syslog than windows. Just make sure you

have the "-r" option in your syslog config

so that it can accept syslog from other

devices.

CCIE Security

0 Helpful

abinjola
Cisco Employee
Cisco Employee
In response to cisco24x7

‎02-13-2008 08:09 AM

Requster..you need to be on logging trap 7 to see www/urls..

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/l2_72.html#wp1690864

0 Helpful

dannypostma
Level 1
Level 1
In response to abinjola

‎02-14-2008 03:26 AM

Alright, thanks everybody for the answers. I will read the documenation and I'll let you know if it resolved my problem.

With Kind Regards,

Danny

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card