PIX 506 Report 1

[multisyncxp21]

I run a PIX 506 firewall. Want to get a report from the pix of the websites my users visit. Is this possible.
I tried using websense-but having problems with hotmail
thanks
Sam

 

[dopehead]

Try out PrivateI from

http://www.opensystems.com

Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[agrigorof]

See FireGen for Pix Log Analyzer:

http://www.eventid.net/firegen/firegenpix2.asp

Regards,

Adrian

 

[multisyncxp21]

thanks.
loogin trap 7
logging inside host ip address
logging on
is this the command for pix 506 to get the messages,,,
do i have to include any ports??
thanks

 

[agrigorof]

The "logging host" command seems incorrect - should be "logging host inside ip_address". There is no need to specify a port. The Pix firewall will use the default syslog port: UDP/514.

Here is an example of logging setup for a PIX506:
1. Configure a syslog server. You can download the free Kiwi Syslog server (

http://www.kiwisyslog.com)

and install it on any Windows NT/2000/XP/2003 machine. Let's say the IP address of the syslog server is 192.168.1.5
2. Configure Pix to send its logs to the 192.168.1.5 syslog server using these commands:
logging on
logging timestamp
logging console debugging
logging trap debugging
logging history debugging
logging host inside 192.168.1.5

"logging timestamp" is optional

Once you do this the syslog server will start recording the Pix messages. Once you have the logs you can process them with a log analyzer like FireGen for Pix (

http://www.eventid.net/firegen/firegenpix2.asp).

Adrian

 

[multisyncxp21]

Adrian:
Thanks for the info.
I will dowload Kiwi and use firegen to read the logs
I hope the logging command will not create any other problems on the PIX
thanks again
sam