PIX/PDM/Syslog rule number

apasquino
Level 1

Looking at the Pix Device Manager I can see access rules associated with reference numbers, just like many other vendors' firewall GUIs.

Now my questions are:

1) What is the link between such reference numbers and the actual PIX config file ?

2) Is there a way to insert such reference numbers into the syslog messages that the PIX sends out, in order to analyze the syslogs with 3rd party reporting tools ?

Thanks for collaboration

Andrea

1 Reply

ddawson
Level 1

1) There's a link in that you can use the numbers to insert new lines at arbitrary places in an access-list, but aside from this ACL editing feature there's no other significance to the line numbers.

2) The syslog messages won't reference the individual ACL line numbers, but you can get increased detail by configuring ACL logging on individual ACL lines. The message lists which ACL was involved and the details of the protocol and the source and destination ports and addresses, but it doesn't specifically identify the actual ACL line that matched the packet. However, the log information in conjunction with the hit count in the "show access-list" command should allow you to determine the line reasonably easily, depending on how complex your ACL is, of course. This doesn't help 3rd party syslog tools report details on the ACL, but it might help you make the connection between the log message and the ACL entry more easily.

HTH
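As an added illustration of the correlation described in the reply above (not code from the original thread), this Python script parses constructed %PIX-6-106100 ACL-logging messages and a constructed "show access-list" listing, then narrows the syslog down to the ACL lines that could have matched. The message and listing formats, the ACL name and all addresses are assumptions made up for the example.

```python
import ipaddress
import re

# Constructed sample %PIX-6-106100 ACL-logging messages (format assumed).
SYSLOG = [
    "%PIX-6-106100: access-list outside_in permitted tcp outside/198.51.100.7(40211) "
    "-> inside/192.0.2.10(80) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "%PIX-6-106100: access-list outside_in denied udp outside/198.51.100.7(5000) "
    "-> inside/192.0.2.20(161) hit-cnt 3 300-second interval [0x0, 0x0]",
]

# Constructed "show access-list" output with hit counters (format assumed).
SHOW_ACL = """\
access-list outside_in line 1 permit tcp any host 192.0.2.10 eq 80 (hitcnt=42)
access-list outside_in line 2 permit tcp any host 192.0.2.11 eq 443 (hitcnt=0)
access-list outside_in line 3 deny udp any 192.0.2.0 255.255.255.0 (hitcnt=3)
"""

LOG_RE = re.compile(
    r"access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"\S+/(?P<src>[\d.]+)\(\d+\) -> \S+/(?P<dst>[\d.]+)\((?P<dport>\d+)\)")
ADDR = r"any|host \S+|[\d.]+ [\d.]+"   # ACE address forms: any / host X / net mask
ACE_RE = re.compile(
    rf"access-list (?P<acl>\S+) line (?P<line>\d+) (?P<action>permit|deny) (?P<proto>\S+) "
    rf"(?P<src>{ADDR}) (?P<dst>{ADDR})(?: eq (?P<port>\d+))? \(hitcnt=(?P<hits>\d+)\)")

def addr_matches(spec, addr):
    """True if the ACE address spec (any / host X / network mask) covers addr."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return spec.split()[1] == addr
    net, mask = spec.split()
    return ipaddress.ip_address(addr) in ipaddress.ip_network(f"{net}/{mask}", strict=False)

def candidate_lines(log_line, show_acl=SHOW_ACL):
    """Return the ACL line numbers that could have produced log_line.
    The syslog names the ACL, action, protocol and endpoints but not the line,
    so filter ACEs on those fields and keep only lines with a non-zero hit count."""
    m = LOG_RE.search(log_line)
    if not m:
        return []
    want_action = {"permitted": "permit", "denied": "deny"}[m["action"]]
    found = []
    for ace in ACE_RE.finditer(show_acl):
        if (ace["acl"], ace["action"], ace["proto"]) != (m["acl"], want_action, m["proto"]):
            continue
        if ace["port"] and ace["port"] != m["dport"]:
            continue
        if int(ace["hits"]) == 0:
            continue
        if addr_matches(ace["src"], m["src"]) and addr_matches(ace["dst"], m["dst"]):
            found.append(int(ace["line"]))
    return found
```

Running `candidate_lines` over each line of `SYSLOG` gives one candidate per message here; on a larger ACL with overlapping entries it returns every plausible line, which is exactly the ambiguity the reply mentions.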
