Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Possible to log xlates to a syslog server?

Status
Not open for further replies.
MichealC4

MichealC4

Programmer
Jun 26, 2003
457
Hi,

I've searched for this but did not find anything at all anywhere regarding this. Is it possible to log xlates to a syslog server? To copy and paste what I posted elsewhere (and received no reply):

Okay, here's the story. I'm working with 4 Cisco PIX 515E's, two of which are failover only. What my boss would like to be able to do is have the xlates logged somewhere for review, preferably our syslog server. I can search for who has what xlate and show all xlates and even show who is connected where all day long. But the forensic time frame is a bit small in that instance, for example. I believe the xlate timeout is 3 hours. That's not a whole lot of time. And we certainly don't have the staff to watch the IDS often enough. Anywho ... So, anybody have any suggestions/resources?

There's the story. I can get you pretty much any other information you need. :) This was handed over to me by my boss so I apologize if I cannot get back as quickly as I would like to with answers to your questions for me.

I am Comptia A+ Certified
 
Sort by date Sort by votes
Sorry, I forgot to mention the FOS is 6.3(3)

I am Comptia A+ Certified
 
Upvote 0 Downvote
Hi TechieMicheal,

I don't straightaway know the answer to this question, so I'll respond with how I'd go about this myself.

I'd temporarily change the logging level on the PIX to ship out all messages (debug and up) and make whatever changes are necessary on the syslog server to facilitate that. If the xlate messages still don't come in then I would assume there's no way to do it through the syslog functionality. Perhaps something through snmp?

But, maybe you've already done that. :)
 
Upvote 0 Downvote
Hrm. I'll have to look in to doing SNMP. You don't by any chance know of a simulation for firewalls, do you? I have one for routers and switches called Virtual Lab, if I remember correctly. Thanks for the help. :) Keep 'em coming. :)

----------------------------
I am Comptia A+ Certified
 
Upvote 0 Downvote

No, I don't know of any. As far as the SNMP goes I won't be able to help much more with that since I'm not utilizing it myself.

Have you tried the changes to the syslog to see if messages about xlates were included?
 
Upvote 0 Downvote
Not yet. It is a production firewall, so I hate to do anything like that until I've done my reading. I'll let you know though as soon as I have something. :)

----------------------------
I am Comptia A+ Certified
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
809
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
673
Johnkite
Johnkite
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
157
Russtoleum
Russtoleum
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
597
nnaarrnn
nnaarrnn
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
174
ISDPCMAN
ISDPCMAN

Part and Inventory Search

Sponsor

Back
Top