12-21-2004 08:47 AM - edited 02-20-2020 11:49 PM
I want to set up a server in our company so we can receive the logs from both our PIX firewalls. I am not very satisfied with the documentation I found online. I would appreciate comments or advice as to how to set this up successfully.
Many thanks, Marcelo
12-21-2004 09:00 AM
Marcelo,
Everything you need is in this document!
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094030.shtml
Have a look through and if you have any further questions give us a shout.
Rgds
PD
02-11-2005 08:58 AM
I think it should be added that if you do Syslog over TCP, the PIX will buffer the logs if the syslog server is down. This is good, unless the buffer gets too big, in which case the PIX will no longer accept new connections.
02-15-2005 02:02 PM
Is there a particular Syslog server that people prefer running with the PIX? I have downloaded one (no names mentioned) but would prefer to find something that runs as a service rather than an application.
Any preferences?
02-16-2005 03:34 AM
Hi,
I usually use two:
- Kiwi syslog (www.kiwisyslog.com). The freeware version is quite good, and you have a service version available. The commercial version adds some functionality (email alerts, filter by IP, etc.) but the free one is quite good (and stable...)
- CiscoWorks VMS Security Monitor, if you have an IDS you have it... or with the full versions (20 or unlimited devices). You can make reports and correlations.
Just take care that pixen are very "talkative" and send lots of messages, so on VMS, make sure you have a nice machine.
Regards