How do you setup logging with the PIX

by br0ck
Disclaimer: This is a user-written FAQ. This document warrants no guarantee. It is a general setup and configuration guide. For more information please go to www.cisco.com

For further information on PIX logging please see: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094030.shtml

Overview:
Syslogging enables you to gather information about PIX traffic and performance, analyze logs for suspicious activity, and troubleshoot problems. This configuration will get you up and logging to a syslog server at a notification level via UDP.
*Note: You may need to lower the logging level depending on the complexity of your network.


Setup:
1st) Locate syslog server software. I suggest Kiwi; it's free and easy to use. You can get it here:
http://www.kiwisyslog.com/products.htm

2nd) Set up the software on a server or administrative workstation with a static IP. (Use the syslog software's installation guide to get it up and going.)
*Note: Kiwi offers some tools to verify the server functionality (Kiwi SyslogGen sends syslog messages to the server).

3rd) Configure logging on the PIX

Usage:
[no] logging on
[no] logging timestamp
[no] logging standby
[no] logging host [<in_if>] <l_ip> [{tcp|6}|{udp|17}/port#] [format {emblem}]
[no] logging console <level>
[no] logging buffered <level>
[no] logging monitor <level>
[no] logging history <level>
[no] logging trap <level>
[no] logging message <syslog_id> level <level>
[no] logging facility <fac>
[no] logging device-id hostname | ipaddress <if_name> | string <text>
logging queue <queue_size>
show logging [{message [<syslog_id>|all]} | level | disabled]

Here are the basic commands you need to get going:

logging on <- enables the logging functionality
logging trap informational <- sets the level of information you want to receive (see the chart of trap levels below)
logging facility 6 <- use 6 as the default
logging host inside xxx.xxx.xxx.xxx <- set the IP of the syslog server here

This will start sending UDP syslog messages to an inside host.



Level            Code
Emergency        0
Alert            1
Critical         2
Error            3
Warning          4
Notification     5
Informational    6
Debug            7   *only use for troubleshooting



Good luck.
If you have any questions or comments please start a thread in the PIX section.

Br0ck
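
An added example, not part of the original FAQ: a Python script that reads the %PIX-<level>-<id> tag from lines stored by the syslog server and shows which messages a given `logging trap` level would forward, using the level chart above. The sample lines, addresses, and function names are constructed for illustration.

```python
import re
from collections import Counter

# Severity names and codes as listed in the FAQ's level chart.
LEVELS = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
          "warning": 4, "notification": 5, "informational": 6, "debug": 7}
NAMES = {code: name for name, code in LEVELS.items()}

# PIX messages carry a tag of the form %PIX-<level>-<message id>: <text>
PIX_TAG = re.compile(r"%PIX-(?P<level>[0-7])-(?P<msg_id>\d{6}): (?P<text>.*)")

# Constructed sample lines (documentation address ranges, not captured traffic).
SAMPLE = """\
Mar 01 10:15:01 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80
Mar 01 10:15:04 192.0.2.1 %PIX-4-106023: Deny tcp src outside:198.51.100.9/4431 dst inside:192.0.2.50/23
Mar 01 10:15:05 192.0.2.1 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.9/4432 to 192.0.2.50/23
Mar 01 10:15:09 192.0.2.1 %PIX-5-111008: User 'enable_15' executed the 'logging on' command.
Mar 01 10:15:10 192.0.2.1 %PIX-7-609001: Built local-host inside:192.0.2.50
Mar 01 10:15:11 192.0.2.20 sshd[411]: session opened for user admin
""".splitlines()


def parse(line):
    """Return (level, msg_id, text) for a PIX message, or None for other lines."""
    m = PIX_TAG.search(line)
    return (int(m["level"]), m["msg_id"], m["text"]) if m else None


def sent_at(lines, trap_level):
    """Messages forwarded with `logging trap <trap_level>`: every message
    whose severity code is at or below the code of the trap level."""
    limit = LEVELS[trap_level]
    return [p for p in map(parse, lines) if p and p[0] <= limit]


def summarize(lines, trap_level):
    """Count forwarded messages per severity name."""
    return Counter(NAMES[level] for level, _, _ in sent_at(lines, trap_level))


if __name__ == "__main__":
    for trap in ("warning", "informational", "debug"):
        counts = summarize(SAMPLE, trap)
        print(f"logging trap {trap}: {sum(counts.values())} messages {dict(counts)}")
```
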