I configured the ACL on the PIX 501 FW to allow certain traffic passing through. I like to check the log of the FW, which cammand I need to use to turn on the logging and see whether the traffic is being pass through or blocked?
I am using PIX ver 6.3
If you do not have a log server, you can check log directly on the pix.
#logging buffered debugging ("buffered" means save the log to pix memory and "debugging" log the most detail info)
also you can try
There are a couple of options available. If you just want to enable login temporarily to view the traffic allowed/denied by ACL, connect to PIX via telnet/ssh and use following commands-
logging monitor 7
These commands will start displaying live logs on your telnet/ssh screen. To stop the logs, you need to type following command while logs are scrolling by-
terminal no monitor
For future purose, I'd recommend you to setup a syslog server on the internal network. All you need is a server on which you can install any of the freely available syslog servers, like kiwi syslog server, and then configure PIX to send log messages to the syslog server. For this, you'll need following commands-
logging host inside x.x.x.x
(x.x.x.x is the ip address of the server)
logging trap [level]
Different levels are as follows:
0 - Emergencies - System unusable messages.
1 - Alerts - Take immediate attention.
2 - Critical - Critical Condition.
3 - Errors - Error messages (this is the default level)
4 - Warnings - Warning messages.
5 - Notifications - Normal but significant condition.
6 - Informational - Informational message.
7 - Debugging - Debug messages and log FTP commands and WWW URLs.
Either level no. or level name can be used in the above command.
Here is a link which tells in detail about all the syslog messages on PIX-
Hope this is helpful.