The Power of Logging....

mcship · ‎11-19-2002

I'm wanting to enable logging for things like History which should allow me to get idea of how much bandwidth were using for web traffic. I enabled history logging and did a show logging command which showed that information was being taken. I wanting to view that info, how do I get to see that and is there a better way for me to view the amount of information that is passing through the PIX. We only use this for internet traffic.

Also can I use any of the logging features to help me watch for attempt to hack my pix. For example if someone attempts to FTP through the box can it tell me when, what IP, and whether they got in??

steve.barlow · ‎11-21-2002

Here is a link to PIX syslog messages: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a0080089b20.html

A few messages of interest are %PIX-6-307001, %PIX-6-307003, %PIX-6-308001, %PIX-3-309001, %PIX-3-315001 and %PIX-6-315003 to name but a few. You can find those that are of interest to you and log for them (eg log informational and use the command "no logging message xxxx" to filter those you don't want). Lots of work and time can be spent on this but logging is critcial in networks.

First thing I would look at is PDM's logging/graphing capabilties. If that doesn't do enough for you two log consolidation products that come to mind are Network Intelligence (Windows based, plug and play almost) and eSecurity (Unix based, more configuration, more devices supported). They will log your PIX and other devices (eg routers, switches, IDS, firewalls, NT logs) data and produce graphs and tables for you based on all or only parts of the logs that interest you (eg denied inbound access by source IP or port, FTP/URL destinations, top talkers). Can page/email when alerts occur. Of course for this they aren't free options, but when logging gets too much/too difficult to look at in Kiwi or other free syslog servers, you really have no choice.

Hope it helps.

Steve