Access-list logging on Cisco PIX firewall

Status
Not open for further replies.

cruzd

MIS
Jun 26, 2001
8
US
Does anyone know how to configure access-list logging on the Cisco PIX firewall that includes port information? For example, if I'm blocking IP x.x.x.x from my internal network, and IP x.x.x.x decides to try to attack my subnet, is there a way to log this activity to know which port he is trying to attack? I know logging messages include the access list number, whether the packet was permitted or denied, the source IP address of the packet, and the number of packets..., but I'd like to know which port.

Thanks in advance.
 
You can look at syslog messages, so you need to set up a syslog server. The commands needed are:

logging trap 7
logging host inside <server-ip>
logging on

Level 7 generates a lot of information so you may want to lower it down if it generates too much traffic. Kiwi is a pretty good syslog server but you can also search for the keywords "syslog daemon" on any search engine.
 
"logging trap warnings" will probably be better. It will cut out the other normal messages.
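An added example, not part of the original thread: once the syslog server is receiving messages, the port the original poster asks about can be pulled out of the access-list deny records. This assumes the PIX emits them as syslog message 106023 at severity 4 (so they still arrive under "logging trap warnings"); the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed format of PIX syslog message 106023
# (packet denied by an access list); addresses are documentation ranges.
SAMPLE_LINES = [
    '<164>Jun 26 2001 10:15:02: %PIX-4-106023: Deny tcp src outside:203.0.113.7/3312 dst inside:192.0.2.10/23 by access-group "acl_out"',
    '<164>Jun 26 2001 10:15:03: %PIX-4-106023: Deny tcp src outside:203.0.113.7/3313 dst inside:192.0.2.10/80 by access-group "acl_out"',
    '<164>Jun 26 2001 10:15:04: %PIX-4-106023: Deny udp src outside:203.0.113.7/4000 dst inside:192.0.2.11/161 by access-group "acl_out"',
    '<164>Jun 26 2001 10:15:05: %PIX-4-106023: Deny icmp src outside:203.0.113.7 dst inside:192.0.2.10 (type 8, code 0) by access-group "acl_out"',
    '<166>Jun 26 2001 10:15:06: %PIX-6-302001: Built outbound TCP connection 12 for faddr 198.51.100.5/80 gaddr 192.0.2.20/1025 laddr 10.0.0.5/1025',
]

# Ports are optional because ICMP denies carry a type/code instead of ports.
DENY_RE = re.compile(
    r'%PIX-(?P<severity>\d)-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?'
    r'.*?by access-group "(?P<acl>[^"]+)"'
)

def parse_deny(line):
    """Return the fields of one access-list deny record, or None for other messages."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("severity", "src_port", "dst_port"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec

def targeted_ports(lines, source_ip):
    """Count denied (protocol, destination IP, destination port) tuples for one source."""
    counts = Counter()
    for line in lines:
        rec = parse_deny(line)
        if rec and rec["src_ip"] == source_ip and rec["dst_port"] is not None:
            counts[(rec["proto"], rec["dst_ip"], rec["dst_port"])] += 1
    return counts

if __name__ == "__main__":
    hits = targeted_ports(SAMPLE_LINES, "203.0.113.7")
    for (proto, dst, port), n in sorted(hits.items()):
        print(f"{proto} {dst}:{port} denied {n}x")
```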
 