Security, hacker detection & forensics FAQ

Logging

How do you set up logging with the PIX (by br0ck)
Posted: 14 Oct 03

Disclaimer: This is a user-written FAQ. It comes with no guarantee; it is a general setup and configuration guide. For more information please go to www.cisco.com

For further information on PIX logging please see: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/p...

Overview:
Syslogging enables you to gather information about PIX traffic and performance, analyze logs for suspicious activity, and troubleshoot problems. This configuration will get you up and logging to a syslog server at the informational level over UDP. *Note: you may need to lower the logging level depending on the traffic volume on your network; the informational level logs every connection the PIX builds and tears down, which is a lot of messages on a busy firewall.


Setup:
1st) You need syslog server software. I suggest Kiwi; it's free and easy to use.
You can get it here:
http://www.kiwisyslog.com/products.htm

2nd) Set up the software on a server or administrative workstation with a static IP (use the syslog software's installation guide to get it up and going). *Note: Kiwi offers some tools to verify the server functionality (Kiwi SyslogGen sends test syslog messages to the server).

3rd) Configure logging on the PIX

Usage:  [no] logging on
        [no] logging timestamp
        [no] logging standby
        [no] logging host <in_if> <l_ip> [{tcp|6}|{udp|17}/port#]
                [format {emblem}]
        [no] logging console <level>
        [no] logging buffered <level>
        [no] logging monitor <level>
        [no] logging history <level>
        [no] logging trap <level>
        [no] logging message <syslog_id> level <level>
        [no] logging facility <fac>
        [no] logging device-id hostname | ipaddress <if_name>
                | string <text>
        logging queue <queue_size>
        show logging [{message [<syslog_id>|all]} | level | disabled]

Here are the basic commands you need to get going:

logging on  <- this enables the logging functionality
logging timestamp  <- stamps each message with the PIX clock, so set the clock first
logging trap informational  <- this sets the level of messages you want to receive (see the chart of trap levels below)
logging facility 20  <- 20 (local4) is the PIX default; valid values are 16-23 (local0 to local7), so pick one your syslog server files separately
logging host inside xxx.xxx.xxx.xxx  <- set the IP of the syslog server here

This will start sending UDP syslog messages (port 514) to an inside host. Syslog over UDP is unauthenticated and unencrypted, so restrict the syslog server so that only the PIX's inside interface address can reach its syslog port; otherwise any inside host can inject messages into your logs.



Level            Code
Emergency        0
Alert            1
Critical         2
Error            3
Warning          4
Notification     5
Informational    6
Debug            7   *only use for troubleshooting

Setting "logging trap" to a level sends messages at that level and everything more severe (lower code); a trap level of warning, for example, sends codes 0 through 4 only.
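To see what the syslog server receives once steps 1 to 3 are done, and how "logging trap" and the chart above work from the receiving side, here is a small UDP syslog receiver and parser written as an added example for this FAQ; it is not br0ck's code and not part of Kiwi. It assumes things the FAQ does not state: it listens on udp/5514 instead of 514 so it runs without root, it accepts datagrams only from a PIX at 10.0.0.1, and its sample messages are constructed for the example (the message IDs 106023, 302013, 111008 and 710005 are real PIX message IDs, but the message text is illustrative). It splits the <PRI> header into facility and severity, applies the trap-level filter the PIX itself would apply, and flags two message IDs a practitioner would want to see: denied packets and configuration commands run on the firewall.

```python
"""Minimal UDP syslog receiver and parser for PIX messages.

Added example for this FAQ; not br0ck's code and not part of Kiwi.
Assumptions not on the page: listening port 5514, the PIX address
10.0.0.1 as the only allowed sender, and the constructed sample
messages below (real PIX message IDs, illustrative text).
"""
import re
import socket

# Severity codes 0-7, in the same order as the chart above.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "informational", "debug"]

# <PRI> header, optional "logging timestamp" prefix, then %PIX-<sev>-<id>: text
PIX_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>[A-Za-z]{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): )?"
    r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# Constructed watch-list of message IDs that deserve an alert when seen.
WATCH = {
    "106023": "packet denied by access-group",
    "111008": "configuration command executed on the PIX",
}

# Constructed sample input: facility 20 (local4) gives PRI = 20*8 + severity.
SAMPLES = [
    "<166>Oct 14 2003 10:15:01: %PIX-6-302013: Built outbound TCP connection 1234 "
    "for outside:203.0.113.5/80 to inside:192.168.1.10/3321",
    "<164>Oct 14 2003 10:15:02: %PIX-4-106023: Deny tcp src outside:203.0.113.77/4444 "
    "dst inside:192.168.1.10/445 by access-group \"outside_in\"",
    "<165>Oct 14 2003 10:15:03: %PIX-5-111008: User 'enable_15' executed the 'no logging on' command.",
    "<167>Oct 14 2003 10:15:04: %PIX-7-710005: UDP request discarded from 192.168.1.10/137 to inside:192.168.1.1/137",
    "not a syslog line at all",
]


def split_pri(pri):
    """PRI = facility * 8 + severity (RFC 3164); returns (facility, severity)."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return divmod(pri, 8)


def parse_pix(line):
    """Return a dict for a well-formed PIX syslog line, or None if it does not parse."""
    m = PIX_RE.match(line)
    if m is None:
        return None
    facility, severity = split_pri(int(m.group("pri")))
    return {
        "facility": facility,
        "severity": severity,
        "level": LEVELS[severity],
        "msgid": m.group("msgid"),
        "timestamp": m.group("ts"),
        "text": m.group("text"),
        # The PIX repeats the severity inside %PIX-<sev>-<id>; both should agree.
        "consistent": severity == int(m.group("sev")),
    }


def passes_trap(msg, trap_level):
    """'logging trap <level>' forwards that level and anything more severe (lower code)."""
    return msg["severity"] <= LEVELS.index(trap_level)


def analyze(lines, trap_level="informational"):
    """Apply the trap filter and the watch-list to a batch of raw syslog lines."""
    report = {"kept": 0, "filtered": 0, "malformed": 0, "alerts": []}
    for line in lines:
        msg = parse_pix(line)
        if msg is None:
            report["malformed"] += 1
        elif not passes_trap(msg, trap_level):
            report["filtered"] += 1
        else:
            report["kept"] += 1
            if msg["msgid"] in WATCH:
                report["alerts"].append((msg["msgid"], WATCH[msg["msgid"]], msg["text"]))
    return report


def serve(bind="0.0.0.0", port=5514, allowed_sender="10.0.0.1", max_datagrams=None):
    """Receive UDP syslog datagrams, dropping any not sent from the PIX's address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    seen = 0
    while max_datagrams is None or seen < max_datagrams:
        data, (host, _) = sock.recvfrom(4096)
        seen += 1
        if host != allowed_sender:  # UDP syslog is unauthenticated: whitelist the sender
            continue
        msg = parse_pix(data.decode("ascii", "replace").rstrip("\r\n"))
        if msg is not None:
            print("%s %s %s: %s" % (msg["level"], msg["msgid"], msg["timestamp"], msg["text"]))


if __name__ == "__main__":
    print(analyze(SAMPLES, "informational"))  # batch run over the constructed samples
    serve()                                   # then listen for a real PIX
```

Point the PIX at it with the port form of the host command from the usage list above, "logging host inside <server_ip> udp/5514", and run the script on the server. Dropping datagrams from any address other than the PIX is the cheapest defence against log injection on UDP syslog; a host firewall rule on udp/5514 limited to the PIX's inside address does the same job one layer lower.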



Good luck
If you have any questions or comments please start a thread in the PIX forum

Br0ck
