06-18-2009 04:02 PM - edited 03-08-2019 06:06 PM
Use the logging command in order to monitor the traffic that passes through the PIX Firewall.
The logging command enables or disables the syslog messages that the PIX sends to the console, to a syslog server, to an SNMP management station, or to PIX Device Manager (PDM).
There are some important notes:
The syslogs that PIX generates can be viewed from the console and from a Telnet console session.
Perform these steps in order to view syslog messages from the PIX console:
New messages appear at the end of the logging listing.
Perform these steps in order to view syslog messages from a Telnet console session:
Permit the management host to Telnet to the PIX on the inside interface. For example, for a single host at 192.168.1.2:
telnet 192.168.1.2 255.255.255.255 inside
Set the duration for which a Telnet session can be idle before the PIX disconnects it. The default value is five minutes. A value of 15 minutes is reasonable and is set with the telnet timeout 15 command.
Start Telnet from the host and specify the inside interface of PIX. For example, if the inside interface of PIX is 192.168.1.1, the command is telnet 192.168.1.1.
When Telnet connects, the PIX prompts with PIX passwd:. Enter the Telnet password to reach the command line.
Note: Issue the terminal no monitor command in order to disable the direct display of messages on the Telnet session.
How to Send Syslog Messages to a Syslog Server
The PIX can send syslog messages to any syslog server. If all syslog servers are offline, the PIX stores up to 100 messages in memory. Subsequent messages that arrive overwrite the buffer, starting from the first line.
Perform these steps in order to send messages to a syslog server:
logging host interface address [ protocol/port ]
Replace interface with the interface on which the server exists, and replace address with the IP address of the host. This is an example for the logging host command:
logging host outside 209.165.201.5
If the syslog server receives messages on a non-standard port, specify udp followed by the new port value in place of protocol/port. The default protocol is UDP with a default port of 514. Alternatively, specify tcp, with a default port of 1468. At the time of writing, the only TCP syslog server was the Cisco PIX Firewall Syslog Server (PFSS); refer to PIX Firewall Syslog Server (PFSS) for more information. Be aware that when a TCP syslog server is configured and becomes unreachable, the PIX stops permitting new connections through the firewall until the server is reachable again, so a TCP syslog host is an availability dependency for the traffic the PIX carries.
Only one logging host UDP or TCP command statement is permitted for a specific syslog server. A subsequent command statement overrides the previous one. Issue the write terminal command in order to view the logging host command statement in the configuration. The UDP option displays as 17 and the TCP option displays as 6.
Note: Cisco recommends the debugging level (logging trap debugging) during initial setup and testing. Thereafter, set the level to errors (logging trap errors) for production use; the debugging level records every connection built and torn down and can flood the syslog server.
Note: In order to disable sending messages, issue the no logging on command.
Set the clock and enable time stamps so that each message carries the time at which the PIX generated it:
clock set 14:25:00 apr 1 1999
logging timestamp
In this example, the clock is set to the current time of 2:25 pm on April 1, 1999, and time stamping is enabled. In order to disable timestamp logging, issue the no logging timestamp command.
Note: By default, log messages are sent over UDP to UDP port 514. If another application on the syslog host already listens on UDP port 514, the PIX messages never reach the syslog daemon. Confirm on the syslog host that nothing else is bound to UDP port 514 (check the host's listening sockets), or move the PIX to another port with logging host interface address udp/port and configure the server to match.
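As an added example (not code from the original page or from Cisco), the following Python shows the receiving side of the configuration above: how a syslog server parses what the PIX sends, which messages survive a given logging trap level, what the logging timestamp prefix looks like on the wire, and the "is UDP 514 already taken" check from the note. It assumes the usual PIX message layout over UDP, "<PRI>Mon DD YYYY HH:MM:SS: %PIX-L-NNNNNN: text", with the PIX default syslog facility local4 (20) and English month names; the sample lines are constructed and their texts abbreviated, and the function and class names are the example's own.

```python
# Added example: receiver-side handling of PIX syslog messages.
# Assumed wire format (PIX over UDP, facility local4 = 20):
#   "<PRI>Mon DD YYYY HH:MM:SS: %PIX-L-NNNNNN: text"
# The timestamp prefix is present only when 'logging timestamp' is configured.
# All sample lines below are constructed for this example.
import errno
import re
import socket
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# PIX logging levels; list index == syslog severity == the L in %PIX-L-NNNNNN,
# in the order the 'logging trap <level>' keyword accepts.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

_PIX_LINE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                                     # syslog PRI (UDP header)
    r"(?:(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}): )?"  # from 'logging timestamp'
    r"%PIX-(?P<level>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$"
)


@dataclass
class PixMessage:
    level: int                     # 0 (emergencies) .. 7 (debugging)
    msgid: str                     # six-digit PIX message number
    text: str
    facility: Optional[int]        # from PRI; None when no PRI was present
    timestamp: Optional[datetime]  # None unless 'logging timestamp' is on


def parse_pix_line(line: str) -> Optional[PixMessage]:
    """Parse one line; return None for non-PIX input or for a line whose PRI
    severity contradicts its %PIX-L- field (treat that as suspect input)."""
    m = _PIX_LINE.match(line.strip())
    if not m:
        return None
    level = int(m.group("level"))
    facility = None
    if m.group("pri") is not None:
        pri = int(m.group("pri"))
        if pri % 8 != level:       # severity is the low 3 bits of PRI
            return None
        facility = pri // 8
    ts = m.group("ts")
    stamp = datetime.strptime(ts, "%b %d %Y %H:%M:%S") if ts else None
    return PixMessage(level, m.group("msgid"), m.group("text"), facility, stamp)


def passes_trap_level(msg: PixMessage, trap_level: str) -> bool:
    """Mirror 'logging trap <level>': the PIX forwards messages at that level
    and every more severe (numerically lower) level."""
    return msg.level <= LEVELS.index(trap_level)


def udp_port_free(port: int, host: str = "0.0.0.0") -> bool:
    """The check from the note above: is something already bound to the syslog
    port on this host? Binding below 1024 needs privileges, so a PermissionError
    is re-raised rather than reported as a clash."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((host, port))
        except PermissionError:
            raise
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return False
            raise
        return True


def receive(port: int = 514, count: int = 10, timeout: float = 30.0) -> List[PixMessage]:
    """Bind the syslog port and parse up to `count` datagrams from the PIX."""
    out: List[PixMessage] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        s.settimeout(timeout)
        while len(out) < count:
            try:
                data, _peer = s.recvfrom(4096)
            except socket.timeout:
                break
            msg = parse_pix_line(data.decode("ascii", errors="replace"))
            if msg is not None:
                out.append(msg)
    return out


# Constructed samples: two lines as sent over UDP with 'logging timestamp' on
# (PRI 166 = local4.informational, 164 = local4.warnings), one line without PRI
# or timestamp, and one whose PRI severity (5) disagrees with its %PIX level (6).
SAMPLE_LINES = [
    "<166>Apr 01 1999 14:25:00: %PIX-6-302013: Built outbound TCP connection 4 "
    "for outside:209.165.201.5/80 to inside:192.168.1.2/1025",
    "<164>Apr 01 1999 14:25:03: %PIX-4-106023: Deny tcp src outside:209.165.201.9/4444 "
    "dst inside:192.168.1.2/23 by access-group \"outside_in\"",
    "%PIX-3-201008: The PIX is disallowing new connections.",
    "<165>Apr 01 1999 14:25:04: %PIX-6-302013: PRI severity does not match level",
]


def filtered(lines, trap_level: str) -> List[str]:
    """Message numbers that would reach the server under 'logging trap <level>'."""
    parsed = [parse_pix_line(l) for l in lines]
    return [m.msgid for m in parsed if m is not None and passes_trap_level(m, trap_level)]


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_pix_line(line))
    print("at 'errors':   ", filtered(SAMPLE_LINES, "errors"))
    print("at 'debugging':", filtered(SAMPLE_LINES, "debugging"))
```

Running the module prints the parsed samples and shows that at logging trap errors only the 201008 line survives, while at debugging everything well-formed does. Messages with no timestamp prefix are the reason to configure logging timestamp before relying on the server's receive time: the PIX's own clock is the only time base that survives buffering and retransmission. Call udp_port_free(514) on the syslog host (as a privileged user) before pointing the PIX at it; receive() is the minimal listener for a live check.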
Refer to these documents for information on how to configure the PIX to send syslog messages to a server or to the console:
For information on how to install PDM, refer to Cisco PIX Device Manager.