Thanks, I'll check that out.

I just got my book in on cisco pix via amazon (yea!), downloaded the free PFSS to setup a syslog server, tried an initial configuration and lost connection to the internet. Our configuration includes a Cisco IDS 4210 and following is the original logging configuration on the PIX:

logging on

logging timestamp

logging buffered warnings

logging trap warnings

logging history warnings

logging host inside 1.2.10.20 (IDS address)

The commands I entered were:

logging on

no logging console

no logging monitor

logging buffer 2

logging host inside 1.2.10.22 tcp/1468

logging timestamp

When I realized we lost internet connectivity, I changed back to the original configuration.

Not sure what I did wrong. Any suggestions?

You probably do *not* want to use TCP based syslogging unless you are sure that the syslog server is up and ready to receive syslogs. By design, if the PIX is unable to send syslogs to a TCP based syslog server, it stops forwarding *all* traffic. This is a security measure for those that require TCP based syslogging. By default, syslog is a UDP based protocol but the commands you entered above told the PIX to use TCP instead (connection vs connection-less protocol).

Also, PFSS is really old and has not been supported in a long time. I would suggest using something more modern and frankly better such as Kiwi Syslog server (freeware). It is easy to use and works well.

Hope this helps explain matters a little.

Scott

Scott,

Thanks for your input....so, does Kiwi Syslog server use udp? Would setup on the pix for logging to the kiwi syslog server be the same/similar?

Syslog is a standard protocol and port (UDP/514 I think) so all servers that support syslog, will support the UDP flavor.

And yes, the setup on the PIX is the same regardless of the type of server the PIX is sending the syslogs to. The PIX is just sending the packets out...he doesn't care where it is going.

Scott

Excellent! Thanks again...I'll give this a shot and post back any questions that may arise.