Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Webtrends Syslog with Pix 515e

Status
Not open for further replies.
Fritjof

Fritjof

Technical User
Aug 23, 2002
15
DE
Hi,

I have a strange problem regarding our PIX 515e with 3 interfaces. I have configured the pix to send informational syslogs (facility 20) to a webtrends firewall-suite. Everything seems to work fine, but the reports I get do not include any bandwidth information. I emailed the webtrends support about the problem an send a example syslog file to them. They told me that I have this problem because I renamed my 3rd interface to DMZ. This is what they told me:

**********************************************

Hello Fritjof,

I took a look at your log file and the reason you cannot view your
bandwidth is due to interface names.
Sample :
WTsyslog[2002-11-08 00:29:17 ip=192.168.101.10 pri=6] <166>Nov 08 2002
00:25:49: %PIX-6-302015: Built outbound UDP connection 56573 for
outside:213.XXX.100.4/53 (213.xxx.100.4/53) to DMZ:192.168.101.6/514
(213.XXX.109.69/514)

In order to get the bandwidth and other stats you must change the value
DMZ to the default (inside/outside). This can be done by configuring
Cisco Pix.
*************************************************

There are some things I don't understand:

1) Can I rename the interface to the default without the need to change every line in my config that includes the interface name?
2) What is the default name for the 3rd interface?
3) As far as I understand Webtrends they want me to name the interface inside. Is it possible to have different interfaces with the same name ?
4) Is there any impact on the logfiles other than the different interface name ?

Any help would be nice.

Thank you.


Fritjof

 
Sort by date Sort by votes
HI Fritjof

1) I don´t think thats possible

2) The deafult name is &quot;intf2&quot;

3) They want u to change the name back to &quot;intf2&quot; . I don´t think that it´s possible to have more interfaces with the same name .. NO I´m sure that´s not possible

iiiss
 
Upvote 0 Downvote
Thank you for the reply. I did the following:

1. I left the pix the way it was, cause it works very well.
2. Every night I run a scheduled job on the new generated logs that replaces the word DMZ with inside :)

Webtrends analyses the manipulated logs exactly the way I want it to.

regards

Fritjof

 
Upvote 0 Downvote
HI.

But you probably have also another active interface called &quot;inside&quot; (the real one), and that trick will give you false info.

I think that you should demand webtrends to fix their bug. Like any other software it is never perfect.
I guess that they simply added support only for pix with 2 interfaces and did not support more then this yet.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
716
Sameer258
Sameer258
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
150
ISDPCMAN
ISDPCMAN
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
110
xwray
xwray
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
201
hairlessupportmonkey
hairlessupportmonkey
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
151
brownmab53
brownmab53

Part and Inventory Search

Sponsor

Back
Top