Ability to log allowed access-list on pix515?

leprikon

IS-IT--Management
Jan 29, 2003
I've been using Kiwi Syslog for a while with our PIX 515E. It's great for seeing denied access via access-list. How do I show permitted traffic, however?

access-list 103 permit ip host 192.168.1.x any log

log parameter doesn't work. Would I have to log at the information level instead of warning? I only want the detail on certain PCs.

 
Hi.

> Would I have to log at the information level instead of warning?
Yes, you'll need to log at level 6 (informational).
I don't know of any other way.
This of course will generate a lot more syslog traffic.

You will probably also need third-party software or a custom script to filter the log and get some info from it.
I am currently writing my own program for that purpose, and you can find some others: some free Perl scripts and some software packages at varying prices.

The PIX (as far as I know) will only log TCP and UDP sessions, so other traffic of that host, like GRE, might be unlogged.
ICMP can be logged using the IDS "ip audit" commands:
ip audit name info1 info action alarm
ip audit name attack1 attack action alarm drop reset
ip audit interface outside info1
ip audit interface outside attack1

Bye
Yizhar Hurwitz
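
As an added example (not part of the original posts and not the poster's program), here is one way to write the kind of custom filter script the reply mentions: it keeps only permitted-session records for selected hosts out of a level 6 syslog stream. The message IDs and layout (302013 for TCP, 302015 for UDP), the watched addresses and the sample lines are assumptions constructed for illustration; check them against what your PIX version actually emits.

```python
import re
from ipaddress import ip_address

# Hosts whose permitted sessions should be reported (constructed addresses).
WATCHED = {ip_address("192.168.1.10"), ip_address("192.168.1.11")}

# Assumed layout of the level-6 "Built ... connection" messages (302013 TCP,
# 302015 UDP); adjust the pattern if your PIX software version differs.
BUILT = re.compile(
    r"%PIX-6-3020(?:13|15): Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for [\w-]+:(?P<ip1>[\d.]+)/(?P<port1>\d+) \([^)]*\) "
    r"to [\w-]+:(?P<ip2>[\d.]+)/(?P<port2>\d+)"
)

def watched_sessions(lines, watched=WATCHED):
    """Return one record per permitted session that involves a watched host."""
    records = []
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue  # denies, teardowns and other messages are skipped
        try:
            ends = [(ip_address(m["ip1"]), int(m["port1"])),
                    (ip_address(m["ip2"]), int(m["port2"]))]
        except ValueError:
            continue  # malformed address in a damaged syslog line
        for i, (addr, _port) in enumerate(ends):
            if addr in watched:
                peer, peer_port = ends[1 - i]
                records.append({"host": str(addr), "proto": m["proto"],
                                "direction": m["dir"], "peer": str(peer),
                                "peer_port": peer_port})
                break
    return records

# Constructed sample lines, not taken from a real firewall.
SAMPLE = [
    "<134>Jan 29 2003 10:01:02: %PIX-6-302013: Built outbound TCP connection 1042 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:192.168.1.10/1025 (192.168.1.10/1025)",
    "<134>Jan 29 2003 10:01:03: %PIX-6-302015: Built outbound UDP connection 1043 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:192.168.1.11/1030 (192.168.1.11/1030)",
    "<134>Jan 29 2003 10:01:04: %PIX-6-302013: Built outbound TCP connection 1044 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:192.168.1.50/1100 (192.168.1.50/1100)",
    '<132>Jan 29 2003 10:01:05: %PIX-4-106023: Deny tcp src outside:203.0.113.9/4000 dst inside:192.168.1.10/23 by access-group "101"',
    "<134>Jan 29 2003 10:01:06: %PIX-6-302013: Built outbound TCP connection 1045 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:192.168.1.999/1200 (192.168.1.999/1200)",
]

if __name__ == "__main__":
    for rec in watched_sessions(SAMPLE):
        print(rec)
```

Filtering on the collector side like this leaves the firewall logging at level 6 for everything, so the extra syslog volume the reply warns about still reaches the syslog server.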
 