09-03-2003 07:06 PM - edited 02-20-2020 10:58 PM
Do you need to set up an access list to enable syslog messages to a host on the inside interface? I'm not getting syslog messages on Kiwi. I have it set up for UDP on port 20000 and the PIX has the logging host inside 'x' udp/20000 command. In the buffer I see messages being logged, but they don't show up in Kiwi.
Test messages from Kiwi itself show up so I don't think it's the syslog config.
09-04-2003 06:10 AM
Do a sh log on the PIX, and post the results here.
09-04-2003 05:45 PM
I was being dumb. There is an intermediate PIX between me and the PIX in question, and I had to add an access list to the intermediate PIX for it to permit the logging traffic. Doh!
All working now.
09-05-2003 01:30 AM
Another question...
I'm logging two firewalls to PFSS on one server. But now I can't tell which firewall is logging what messages. Any way to easily do this?
09-05-2003 05:15 AM
I think if you don't NAT the inside interface of your higher-level PIX (using the nat 0 access-list xxx command), you should be able to differentiate between the two logs from each PIX's inside interface address.
09-15-2003 12:02 PM
Hi,
Try using a different facility for each firewall:
logging facility 'facility'
Kind Regards,
Tom
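An added example (not part of the thread or of any Cisco or Kiwi tooling) of how a collector can tell the two firewalls apart using the suggestions above: it decodes the facility from each message's leading `<PRI>` value (PRI = facility × 8 + severity) and falls back to the sender address when no usable facility is present. The facility numbers, firewall names, addresses and sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed setup: each firewall has its own `logging facility` number
# (syslog facilities 16-23 are local0-local7). Names are hypothetical.
FACILITY_TO_FIREWALL = {20: "pix-outer", 21: "pix-inner"}
# Fallback when the facility is missing or unmapped: un-NATed source address.
SOURCE_TO_FIREWALL = {"192.0.2.1": "pix-outer", "192.0.2.2": "pix-inner"}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    return divmod(pri, 8)

def identify(datagram, source_ip):
    """Prefer the facility; fall back to the sender's address."""
    decoded = decode_pri(datagram)
    if decoded and decoded[0] in FACILITY_TO_FIREWALL:
        return FACILITY_TO_FIREWALL[decoded[0]]
    return SOURCE_TO_FIREWALL.get(source_ip, "unknown")

def split_by_firewall(received):
    """Group (source_ip, datagram) pairs by the firewall that sent them."""
    buckets = defaultdict(list)
    for source_ip, datagram in received:
        buckets[identify(datagram, source_ip)].append(datagram)
    return dict(buckets)

# Constructed sample input: the first two arrive from the same (NATed) address,
# so only the facility distinguishes them.
SAMPLE = [
    ("10.0.0.5", "<166>%PIX-6-302013: constructed sample message A"),
    ("10.0.0.5", "<174>%PIX-6-302013: constructed sample message B"),
    ("192.0.2.2", "%PIX-4-106023: constructed sample without PRI"),
    ("10.0.0.5", "<999>constructed malformed message"),
]

if __name__ == "__main__":
    for firewall, messages in split_by_firewall(SAMPLE).items():
        print(firewall, len(messages))
```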