PIX Trap Logging on SMTP Traffic

j.alexander · ‎10-22-2004

I have my trap logging set to Notifications and noticed that smtp traffic is not being logged. All other protocols are being logged such as http, https, ftp, rtsp, etc. Why is smtp not being logged? If I increase the trap logging level to Informational, then it gets logged. However, this increased the size of my syslogs due to the additional information it is logging. Any ideas on how I can get smtp to be logged at the Notification level?

ddawson · ‎10-22-2004

You can't change the level of the message itself so you have to continue to log at the Informational level if you want any of those messages. However, you can turn off individual messages with the "no logging message NNNNNN" command, where "NNNNNN" is the message number. While it may look like you'd have to turn off a huge number of messages to only get the ones you want, the reality is that there are probably only a few (a dozen or so) that you're getting a lot of, so it's not too bad. The System Message section of the PIX docs list all the messages by severity level, so you can go through them there, or you can just look in your logs and turn off the ones you no longer want to see. Unfortunately, there's no way to turn on individual messages - you have to log the entire severity level and turn off the ones you don't want.

HTH