Very basic question on logs

Status
Not open for further replies.

Piloria

IS-IT--Management
Mar 12, 2002
I am new to the PIX (just opened the box) and have a week of playing around until I start configuration (with help).

In order to track what is passing through the box, how do I view the logs? (Used to Checkpoint.)
 
sh logging

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Thanks
(Good to see you are as helpful here as on the CP forum.)
I am not a Cisco expert, so can you expand on the command?
When I type sh logging I get a message stating
Syslog logging :enabled
Facility 20
then disabled next to all the logging types.

All I am interested in is seeing network traffic to try and follow changes I am making.
 
Hey, Piloria ... it's you! I didn't notice first time. It's been a busy day.

Anyway, firstly debugging needs to be turned on ..

pix(config)# logging on

If you want to see the logs on the console, direct them there using ..

pix(config)# logging console <level>

The level depends on how much info you want to see. You can also direct logging to your SSH or telnet session with the command "terminal monitor".

Other options are:

pixfirewall(config)# logging console
Usage: [no] logging on
[no] logging timestamp
[no] logging standby
[no] logging host [<in_if>] <l_ip> [tcp|udp/port#] [format {emblem}]
[no] logging console <level>
[no] logging buffered <level>
[no] logging monitor <level>
[no] logging history <level>
[no] logging trap <level>
[no] logging message <syslog_id> level <level>
[no] logging facility <fac>
[no] logging device-id hostname | ipaddress <if_name>
| string <text>
logging queue <queue_size>
show logging [{message [<syslog_id>|all]} | level | disabled]

Best practice would be to direct the logs to a syslog server and sort them there. I have to say, having worked with both Firewall-1 and Pix, Firewall-1 has by far the best logging. Still, I do like working with the Pix!

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Cheers, my education in PIX starts here..
I must agree logging is not as simple.
 
Here is practically what you need to do:
1. Configure a syslog server. You can download the free Kiwi Syslog server ( and install it on any Windows NT/2000/XP/2003 machine. Let's say the IP address of the syslog server is 192.168.1.5
2. Configure Pix to send its logs to the 192.168.1.5 syslog server using these commands:
logging on
logging timestamp
logging console debugging
logging trap debugging
logging history debugging
logging host inside 192.168.1.5

Once you do this the syslog server will start recording the Pix messages. Once you have the logs, you can either look at them as they are or use a log analyzer like FireGen for Pix (
If you have any difficulties, let me know.

Regards,
Adrian Grigorof
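
Added example, not part of the original thread or any poster's code: once the PIX is sending to a syslog server as configured above, this Python sketch decodes the syslog PRI header (Facility 20, as reported by "sh logging", plus severity) and the %PIX-level-id tag, then filters by level. The sample lines are constructed, and the raw on-the-wire layout (PRI, timestamp, tag) is an assumption; a syslog server may store lines in a different layout.

```python
import re

# Syslog severity names used by the PIX, index = numeric level (0 = most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# <PRI> header, then anything (timestamp/host), then the %PIX-<level>-<id>: tag.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?%PIX-(?P<level>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")

def parse_pix_line(line):
    """Return a dict for one PIX syslog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest valid PRI
        return None
    level = int(m.group("level"))
    return {
        "facility": pri // 8,      # PRI = facility * 8 + severity
        "pri_severity": pri % 8,
        "level": level,
        "level_name": SEVERITIES[level],
        "msgid": m.group("msgid"),
        "text": m.group("text"),
    }

def filter_by_level(lines, max_level):
    """Keep parsed messages at max_level or more severe (lower number)."""
    parsed = (parse_pix_line(l) for l in lines)
    return [p for p in parsed if p and p["level"] <= max_level]

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "<166>Mar 12 2002 10:15:01: %PIX-6-302013: Built outbound TCP connection 101 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.20/1025 (192.168.1.20/1025)",
    "<164>Mar 12 2002 10:15:07: %PIX-4-106023: Deny tcp src outside:203.0.113.99/4000 dst inside:192.168.1.5/23 by access-group \"outside_in\"",
    "<167>Mar 12 2002 10:15:09: %PIX-7-710005: UDP request discarded from 192.168.1.30/137 to inside:192.168.1.255/netbios-ns",
    "Mar 12 10:15:10 kiwi: unrelated line without a PIX tag",
]

if __name__ == "__main__":
    # Show only warnings and anything more severe.
    for msg in filter_by_level(SAMPLE, 4):
        print(msg["level_name"], msg["msgid"], msg["text"])
```

With "logging trap debugging" every level reaches the server, so filtering like this happens on the server side rather than on the firewall.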
 