upgrade from 6.2.2 to 6.3.4 - logging issue

Status
Not open for further replies.
Jan 15, 2002
126
I just upgraded our PIX-515 from 6.2.2 to 6.3.4. I've noticed on my syslog monitor that I'm getting hardly any "deny" messages now. I've done a Shields UP! test and everything passes. Could it be from where I had my route down for a little while? All normal outbound and inbound communication seems to be fine. Any ideas?

----------------
Thanks!
CH [lookaround]
 
Well, I'm getting some deny messages now but not many. My main concern is that I receive no deny messages when running port scans from Shields Up, Security Space, etc. Even though the reports from the scans say that all ports are stealth, why would I not receive any deny messages from the scans?

----------------
Thanks!
CH [lookaround]
 
What logging trap level have you set? Do you see buffered logs on the console that you don't see on your syslog server?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Here's my logging settings from the config:

logging on
logging trap warnings
logging facility 23
logging host inside 192.168.x.x

PIX# sh logging
Syslog logging: enabled
Facility: 23
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level warnings, 1263 messages logged
Logging to inside 192.168.x.x
History logging: disabled
Device ID: disabled

I'm getting some ICMP and UDP deny messages. However, I'm hardly receiving any TCP deny messages at all.

----------------
Thanks!
CH [lookaround]
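
Added example (not posted by anyone in this thread): a small Python script that tallies deny messages per protocol and shows which of them a given `logging trap` level would forward to the syslog host. The sample lines are constructed in the PIX `%PIX-<severity>-<id>` syslog format with documentation addresses; the function name and sample data are assumptions made for illustration.

```python
import re
from collections import Counter

# Keywords accepted by "logging trap <level>"; list index = syslog severity number.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

PIX_RE = re.compile(r"%PIX-(\d)-(\d{6}): (.*)")   # %PIX-<severity>-<id>: <text>
DENY_RE = re.compile(r"\bden(?:y|ied)\b", re.IGNORECASE)
PROTO_RE = re.compile(r"\b(tcp|udp|icmp)\b", re.IGNORECASE)

def deny_summary(lines, trap_level="warnings"):
    """Count deny messages per protocol, split by whether trap_level forwards them."""
    threshold = LEVELS.index(trap_level)
    forwarded, suppressed = Counter(), Counter()
    for line in lines:
        m = PIX_RE.search(line)
        if not m or not DENY_RE.search(m.group(3)):
            continue  # not a PIX message, or not a deny (e.g. 500004)
        proto = PROTO_RE.search(m.group(3))
        key = proto.group(1).lower() if proto else "other"
        # A message reaches the syslog host only when its severity number
        # is less than or equal to the configured trap level.
        bucket = forwarded if int(m.group(1)) <= threshold else suppressed
        bucket[key] += 1
    return forwarded, suppressed

# Constructed sample lines (not taken from the poster's firewall).
SAMPLE = [
    '%PIX-4-106023: Deny tcp src outside:203.0.113.5/34497 '
    'dst inside:192.0.2.10/80 by access-group "outside_in"',
    '%PIX-2-106001: Inbound TCP connection denied from 203.0.113.5/34498 '
    'to 192.0.2.10/23 flags SYN on interface outside',
    '%PIX-6-106015: Deny TCP (no connection) from 203.0.113.5/34499 '
    'to 192.0.2.10/80 flags RST on interface outside',
    '%PIX-2-106006: Deny inbound UDP from 203.0.113.5/53 '
    'to 192.0.2.10/1030 on interface outside',
    '%PIX-3-106014: Deny inbound icmp src outside:203.0.113.5 '
    'dst outside:192.0.2.10 (type 8, code 0)',
    '%PIX-4-500004: Invalid transport field for protocol=6, '
    'from 203.0.113.5/34497 to 192.0.2.10/0',
]

if __name__ == "__main__":
    fwd, sup = deny_summary(SAMPLE, "warnings")
    print("forwarded at 'warnings': ", dict(fwd))
    print("suppressed at 'warnings':", dict(sup))
```

Feed it lines captured at a more verbose level (for example from the PIX buffer) to see which deny messages the current trap level would drop before they reach the syslog server.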
 
Set up 'logging buffered' and try the port scan again and see if anything shows on the firewall. Then have a look at the syslog server to see if the logs were forwarded to that.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
OK... I set up the buffering and tried the scan for ports 0-1056 again. All I get in the buffer on the PIX is the following message:

500004: Invalid transport field for protocol=6, from 204.x.x.x/34497 to x.x.x.x/0

Yet, Shields UP says every port is stealth.

Any ideas?

----------------
Thanks!
CH [lookaround]
 
Could there be some change in 6.3.4 that affects logging of TCP deny warning messages?

----------------
Thanks!
CH [lookaround]
 
Shouldn't affect it. I'm running 6.3(4) and I'm seeing Deny messages in the logs.

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************
 
Well, I'm getting more messages now... looks to be OK... thanks for the help.

----------------
Thanks!
CH [lookaround]
 