check the PIX logging

Answered Question
Feb 28th, 2007

I configured the ACL on the PIX 501 FW to allow certain traffic to pass through. I would like to check the log of the FW. Which command do I need to use to turn on logging and see whether the traffic is being passed through or blocked?

I am using PIX ver 6.3

Correct Answer by rico_hao40, Wed, 02/28/2007 - 06:22

If you do not have a log server, you can check the log directly on the PIX.

#logging on

#logging timestamp

#logging buffered debugging ("buffered" means save the log to PIX memory and "debugging" logs the most detailed info)

#show log

Also, you can try

#show access-list

Correct Answer by vitripat, Wed, 02/28/2007 - 06:16

There are a couple of options available. If you just want to enable logging temporarily to view the traffic allowed/denied by the ACL, connect to the PIX via telnet/ssh and use the following commands:

logging on

logging monitor 7

terminal monitor

These commands will start displaying live logs on your telnet/ssh screen. To stop the logs, you need to type the following command while the logs are scrolling by:

terminal no monitor

For future purposes, I'd recommend that you set up a syslog server on the internal network. All you need is a server on which you can install any of the freely available syslog servers, like Kiwi Syslog Server, and then configure the PIX to send log messages to the syslog server. For this, you'll need the following commands:

logging on

logging host inside x.x.x.x

(x.x.x.x is the IP address of the server)

logging trap [level]

Different levels are as follows:

0 - Emergencies - System unusable messages.

1 - Alerts - Take immediate attention.

2 - Critical - Critical Condition.

3 - Errors - Error messages (this is the default level)

4 - Warnings - Warning messages.

5 - Notifications - Normal but significant condition.

6 - Informational - Informational message.

7 - Debugging - Debug messages and log FTP commands and WWW URLs.

Either the level number or the level name can be used in the above command.

Here is a link which describes in detail all the syslog messages on PIX:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/index.htm

Hope this is helpful.

Regards,

Vibhor.
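An added example (not part of either answer, and not Cisco code): a small Python filter for the syslog server side that shows which `%PIX-<level>-<msgid>` lines are forwarded at a given `logging trap` level and counts ACL denies per access list. The sample lines are constructed, and the message layouts (106023 deny at level 4, 111008, 302013, 305005) are assumed from Cisco's PIX syslog message documentation.

```python
import re
from collections import Counter

# Severity names from the list above; `logging trap` takes the number or name.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Header of every PIX syslog message: %PIX-<severity>-<message number>: <text>
HEADER = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")
# Assumed layout of message 106023 (packet denied by an ACL).
DENY = re.compile(r'Deny (?P<proto>\S+) src (?P<src>\S+) dst (?P<dst>\S+)'
                  r'.*? by access[-_]group "?(?P<acl>[^"\s]+)')

# Constructed sample lines, as a syslog server might store them.
SAMPLE = [
    'Feb 28 06:30:01 fw %PIX-4-106023: Deny tcp src outside:198.51.100.7/4021 '
    'dst inside:192.0.2.10/23 by access-group "acl_out"',
    'Feb 28 06:30:04 fw %PIX-4-106023: Deny tcp src outside:198.51.100.8/1188 '
    'dst inside:192.0.2.10/23 by access-group "acl_out"',
    'Feb 28 06:30:05 fw %PIX-6-302013: Built inbound TCP connection 1201 for '
    'outside:198.51.100.7/4022 (198.51.100.7/4022) to inside:192.0.2.10/80 '
    '(192.0.2.10/80)',
    'Feb 28 06:30:09 fw %PIX-3-305005: No translation group found for tcp '
    'src inside:192.0.2.20/1045 dst outside:198.51.100.9/80',
    "Feb 28 06:31:00 fw %PIX-5-111008: User 'enable_15' executed the "
    "'logging on' command.",
]

def level_number(level):
    """Accept a level number or a level name, as `logging trap` does."""
    s = str(level).lower()
    return int(s) if s.isdigit() else LEVELS.index(s)

def parse(line):
    """Return (severity, message number, text), or None for non-PIX lines."""
    m = HEADER.search(line)
    return (int(m["sev"]), m["msgid"], m["text"]) if m else None

def forwarded(lines, trap_level):
    """Messages sent at this trap level: severity <= configured level."""
    limit = level_number(trap_level)
    return [p for p in map(parse, lines) if p and p[0] <= limit]

def denies_by_acl(lines, trap_level):
    """Count 106023 denies per (ACL name, destination) at this trap level."""
    counts = Counter()
    for _sev, msgid, text in forwarded(lines, trap_level):
        m = DENY.match(text) if msgid == "106023" else None
        if m:
            counts[(m["acl"], m["dst"])] += 1
    return counts
```

At level 3 (errors) the level-4 deny messages are filtered out before they reach the server, so checking what an ACL blocks needs at least `logging trap warnings`.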
