syslog message monitoring for PIX 525

LIMTT
Level 1

I would like to know whether it is possible to capture whatever traffic crosses my PIX firewall. I would like to use these log messages to visualize the detail of traffic (tcp/udp port, host address or subnet) running in and out of my network. I wish to use these log messages as a reference point for my future policy implementation.

3 Replies

steve.barlow
Level 7

Yes, it is possible to log this info. You will use the "logging" command for this. Example: "logging on" and "logging host inside x.x.x.x". You can change the logging level to meet your needs and can disable logging of specific messages if you want (e.g. "no logging message xxxx").

See link: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00800ec9ea.html#xtocid16

However, the amount of this data will be too hard to read without the use of software to help. Some products that will create these reports (and more) for you are PDM, Network Intelligence (NIE) and eSecurity.

Hope it helps.

Steve

Hey Steve,

Thanks for your feedback.

I just would like to confirm with you.

Am I right to choose "level 7 - debugging" in order to capture all logging traffic?

Could you help to explain the detail of the "facility" component?

"Eight facilities LOCAL0(16) through LOCAL7(23)"

Which facilities do I have to select?

Am I right to choose "LOCAL7(23)"?

Thanks

Logging debugging will give you tons of info, probably more than you need. Try it and see what you get, then whatever messages you don't want, use the no logging mess x to not log it anymore. Fine tune it the way you want.

All syslog messages will have a logging facility and a level (severity). The logging facility can be thought of as where and the level can be thought of as what. The syslog daemon (syslogd) can be thought of as having multiple pipes. It uses the pipes to decide where to send incoming information based on the pipe on which the information arrives. The logging facilities are the pipes by which the syslogd decides where to send information it receives.

To be honest though, in only about half of my implementations do I actually use the logg fac command; the rest I leave at the default and it always works fine. But feel free to use the command.

Also include the command "logging timestamp" so you know the date/time of the event.

Also don't use the command "logging host x.x.x.x tcp x" because this traffic is TCP (that is, with acknowledgments), if the syslog server goes down, traffic through the PIX will stop; for that reason, the tcp syslog command should not be implemented unless you need this kind of functionality! UDP/514 syslogging does not have this effect.

Hope it helps.

Steve
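As an added example (not from this thread, and not Cisco's own code), here is a small Python parser for the syslog lines a UDP/514 collector receives from a PIX configured the way Steve describes. It splits the <PRI> prefix into facility and severity the way syslogd does (PRI = facility * 8 + severity, so a LOCAL7 informational message arrives as <190>), pulls protocol, interface, address and port out of connection-built and ACL-deny messages, rolls inside addresses up to /24 subnets the way the original poster wanted, and flags lines whose facility is not the one the collector expects (the PIX default is facility 20, LOCAL4, which is what you get if the logging facility command is never issued, so a collector filtering on LOCAL7 would silently drop them). The sample lines, the hostname pix-525, the interface names and the access-group name are constructed; the message ids follow the %PIX-severity-id convention.

```python
"""Parse PIX syslog lines and summarize the traffic they describe (added example)."""
import ipaddress
import re
from collections import Counter

# Facilities 16..23 are LOCAL0..LOCAL7; PIX sends facility 20 (LOCAL4) by default.
FACILITY_NAMES = {16 + i: "LOCAL%d" % i for i in range(8)}
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# Constructed sample lines, not real captures. PRI 190 = 23*8 + 6 (LOCAL7,
# informational), 188 = 23*8 + 4 (LOCAL7, warnings), 166 = 20*8 + 6 (LOCAL4,
# the PIX default facility, as if "logging facility 23" had not been set).
SAMPLE_LINES = [
    "<190>Jun 12 10:15:01 pix-525 %PIX-6-302013: Built outbound TCP connection 1001 for "
    "outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.20/3345 (192.168.1.20/3345)",
    "<190>Jun 12 10:15:02 pix-525 %PIX-6-302015: Built outbound UDP connection 1002 for "
    "outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.20/40021 (192.168.1.20/40021)",
    "<188>Jun 12 10:15:03 pix-525 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4444 "
    "dst inside:192.168.1.5/23 by access-group \"acl_out\"",
    "<189>Jun 12 10:15:04 pix-525 %PIX-5-111008: User 'enable_15' executed the "
    "'logging timestamp' command.",
    "<166>Jun 12 10:15:05 pix-525 %PIX-6-302014: Teardown TCP connection 1001 for "
    "outside:203.0.113.10/80 to inside:192.168.1.20/3345 duration 0:00:04 bytes 812 TCP FINs",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")
# interface:address/port, with the group-name prefix filled in per endpoint
ENDPOINT = r"(?P<{n}if>\w+):(?P<{n}ip>[\d.]+)/(?P<{n}port>\d+)"
BUILT_RE = re.compile(
    r"%PIX-\d-(?P<id>\d+): Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection \d+ for "
    + ENDPOINT.format(n="a") + r" \([\d.]+/\d+\) to " + ENDPOINT.format(n="b"))
DENY_RE = re.compile(
    r"%PIX-\d-(?P<id>\d+): Deny (?P<proto>\w+) src " + ENDPOINT.format(n="a")
    + r" dst " + ENDPOINT.format(n="b"))


def parse_line(line):
    """Return a dict with facility/severity and, for built/deny messages, the endpoints."""
    m = PRI_RE.match(line)
    if not m:
        return None                      # not a syslog line with a <PRI> prefix
    facility, severity = divmod(int(m.group(1)), 8)
    rec = {"facility": facility, "facility_name": FACILITY_NAMES.get(facility, str(facility)),
           "severity": severity, "severity_name": SEVERITY_NAMES[severity]}
    body = m.group(2)
    g = BUILT_RE.search(body)
    event = "built"
    if not g:
        g = DENY_RE.search(body)         # ICMP denies carry type/code, not a port: left as "other"
        event = "deny"
    if not g:
        rec.update(event="other", msg_id=None, proto=None, endpoints=[])
        return rec
    rec.update(event=event, msg_id=g.group("id"), proto=g.group("proto").lower(),
               endpoints=[(g.group("aif"), g.group("aip"), int(g.group("aport"))),
                          (g.group("bif"), g.group("bip"), int(g.group("bport")))])
    return rec


def summarize(lines, inside_if="inside"):
    """Counters a policy review would start from: facilities seen, events per protocol,
    denied destination ports, and inside /24 subnets that appear in connection messages."""
    recs = [r for r in map(parse_line, lines) if r]
    summary = {
        "facility": Counter(r["facility_name"] for r in recs),
        "events": Counter((r["event"], r["proto"]) for r in recs if r["proto"]),
        # for a deny message the second endpoint is the "dst" side
        "denied_ports": Counter((r["proto"], r["endpoints"][1][2]) for r in recs if r["event"] == "deny"),
        "inside_subnets": Counter(),
    }
    for r in recs:
        for iface, ip, _port in r["endpoints"]:
            if iface == inside_if:
                net = ipaddress.ip_network(ip + "/24", strict=False)
                summary["inside_subnets"][str(net)] += 1
    return summary


def facility_mismatches(lines, expected=23):
    """Lines that did not arrive on the facility the collector was told to expect."""
    bad = []
    for line in lines:
        r = parse_line(line)
        if r and r["facility"] != expected:
            bad.append(line)
    return bad


if __name__ == "__main__":
    for name, counter in summarize(SAMPLE_LINES).items():
        print(name, dict(counter))
    for line in facility_mismatches(SAMPLE_LINES):
        print("unexpected facility:", line[:40], "...")
```

Feeding a real collector's file through summarize() gives the per-port and per-subnet counts the question asked for; the facility check is the one thing to run first, since a PIX left at its default facility and a collector filtering on LOCAL7 will agree on nothing and log nothing.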
