PIX 525-How do I capture all source-destination info

rrice (Level 1)

I have a customer with a PIX 525 currently doing allow all-exclude by exception and we need to change this!! Since they don't know who should or shouldn't be getting through, how do I capture source/destination traffic for all users to obtain this info?

3 Replies

vitripat (Level 7)

A way would be to configure a syslog server to capture all the traffic going through the PIX. However, in your situation I feel that you'll get a lot of logs and will have to find the traffic related to the IPs you are interested in in those huge log files. Here's how you can configure the PIX for syslogging-

You can download a syslog server from following link, if required.

The name of the tool is Kiwi Syslog Server.

http://www.kiwisyslog.com/php/download.php?syslogd_kiwitools

Install the server on any system connected to PIX, and then reboot the server.

Now enter following commands on your PIX :

pix(config)# logging host [interface_name] [ip_address]

pix(config)# logging trap [level]

pix(config)# logging on

[interface_name] ----> name of interface on which syslog server is connected

(inside).

[ip_address] ----> ip address of the workstation where you install the syslog server.

[level] ----> level of logging desired.

Different levels are as follows:

0 - Emergencies - System unusable messages.

1 - Alerts - Take immediate attention.

2 - Critical - Critical Condition.

3 - Errors - Error messages (this is the default level)

4 - Warnings - Warning messages.

5 - Notifications - Normal but significant condition.

6 - Informational - Informational message.

7 - Debugging - Debug messages and log FTP commands and WWW URLs.

Either level no. or level name can be used in the above command.

Here is a link which tells in detail about all the syslog messages on PIX-

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html

If you are using 7.x code-

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/syslog/logmsgs.htm

Hope this helps.

Regards,

Vibhor.
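Once the PIX is sending level 6 (informational) messages to the syslog server, the question's actual problem is reducing the huge log files to a source/destination matrix. The script below is an added example and not from the post above or from Cisco: it pulls source, destination, protocol and destination port out of the connection-built messages (302013 for TCP, 302015 for UDP) and the ACL-deny message (106023) whose formats are in the system message guide linked above, and counts each distinct flow. The sample log lines are constructed for this example; the field order (for outbound connections the initiating host is the second, "to", address) is assumed from that guide, so check it against your own version's message guide before trusting the output.

```python
import re
from collections import Counter

# Message layouts assumed from the PIX system message guide (302013/302015/106023).
# "Built {inbound|outbound} TCP connection N for if:ip/port (ip/port) to if:ip/port (ip/port)"
BUILT_RE = re.compile(
    r"%PIX-\d-3020(?:13|15): Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection"
    r" \d+ for (?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \([\d.]+/\d+\)"
    r" to (?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<port2>\d+) \([\d.]+/\d+\)"
)
# "Deny tcp src if:ip/port dst if:ip/port by access-group ..."
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>tcp|udp|icmp)"
    r" src (?P<sif>\w+):(?P<sip>[\d.]+)(?:/(?P<sport>\d+))?"
    r" dst (?P<dif>\w+):(?P<dip>[\d.]+)(?:/(?P<dport>\d+))?"
)


def parse_line(line):
    """Return (src_ip, dst_ip, proto, dst_port, action) or None for messages we ignore."""
    m = BUILT_RE.search(line)
    if m:
        if m["dir"] == "outbound":
            # Assumed from the guide: for outbound connections the "for" address is the
            # lower-security (destination) side and the "to" address is the initiator.
            src, dst, dport = m["ip2"], m["ip1"], m["port1"]
        else:
            src, dst, dport = m["ip1"], m["ip2"], m["port2"]
        return (src, dst, m["proto"].lower(), int(dport), "permit")
    m = DENY_RE.search(line)
    if m:
        dport = int(m["dport"]) if m["dport"] else 0
        return (m["sip"], m["dip"], m["proto"], dport, "deny")
    return None  # teardowns, ACL hits, system messages, etc.


def build_matrix(lines):
    """Count each distinct (src, dst, proto, dport, action) seen in the log."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec] += 1
    return counts


# Constructed sample syslog lines in the shape the PIX emits at level 6.
SAMPLE = """\
Mar 10 09:01:02 pix %PIX-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:192.168.10.5/51234 (192.168.10.5/51234)
Mar 10 09:01:05 pix %PIX-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:192.168.10.5/51240 (192.168.10.5/51240)
Mar 10 09:01:09 pix %PIX-6-302015: Built outbound UDP connection 1003 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.168.10.7/40000 (192.168.10.7/40000)
Mar 10 09:01:12 pix %PIX-6-302013: Built inbound TCP connection 1004 for outside:203.0.113.9/33000 (203.0.113.9/33000) to dmz:192.168.20.10/25 (192.168.20.10/25)
Mar 10 09:01:15 pix %PIX-4-106023: Deny tcp src outside:203.0.113.9/44000 dst dmz:192.168.20.10/23 by access-group "outside_in"
Mar 10 09:01:20 pix %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.20/443 to inside:192.168.10.5/51234 duration 0:00:18 bytes 5120 TCP FINs
"""

if __name__ == "__main__":
    # Replace SAMPLE.splitlines() with open("pix.log") to run over a real Kiwi log file.
    matrix = build_matrix(SAMPLE.splitlines())
    print(f"{'source':16} {'destination':16} {'proto':5} {'dport':5} {'action':6} count")
    for (src, dst, proto, dport, action), n in sorted(matrix.items()):
        print(f"{src:16} {dst:16} {proto:5} {dport:5} {action:6} {n}")
```

Run it over a few days of logs and the permit rows are the flows a deny-by-default policy has to keep; the deny rows show what is already being blocked by exception. Anything not covered by 302013/302015 (ICMP, for instance) is logged under other message IDs and would need its own pattern.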

Is there any option within the PIX to audit or monitor traffic without using a syslog described above?

You could use the capture feature. Then you can take the capture and review it in Wireshark.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml#s1

Thanks,

Chad

Please rate if helpful.
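If you go the capture route instead, the exported file is a standard libpcap file, and Wireshark is not the only way to read it. Below is an added example (not from Chad's post or from Cisco) that parses such a file in plain Python, pulls out source, destination, protocol and destination port for each IPv4 packet, and counts flows. The important difference from the syslog approach is that a capture shows both directions of every connection, so the example can optionally keep only TCP SYN packets (the initiators) so reply traffic does not show up as a second "flow". The pcap bytes are constructed inline for this example; only the Ethernet link type is handled.

```python
import socket
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4      # file written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1      # same magic read from a big-endian file
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def iter_packets(data):
    """Yield each raw frame from an in-memory libpcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    order = "<" if magic == PCAP_MAGIC_LE else ">" if magic == PCAP_MAGIC_BE else None
    if order is None:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(order + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_frame(frame):
    """Return (src, dst, proto, dport, tcp_flags) for an IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                           # not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None                           # truncated or malformed header
    proto = frame[23]
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    dport, flags = 0, None
    if proto in (6, 17) and len(l4) >= 4:
        dport = struct.unpack("!H", l4[2:4])[0]
    if proto == 6 and len(l4) >= 14:
        flags = l4[13]                        # TCP flag byte (SYN=0x02, ACK=0x10)
    return (src, dst, PROTO_NAMES.get(proto, str(proto)), dport, flags)


def flows_from_pcap(data, initiators_only=False):
    """Count (src, dst, proto, dport) flows; optionally keep only TCP SYN packets."""
    counts = Counter()
    for frame in iter_packets(data):
        rec = parse_frame(frame)
        if rec is None:
            continue
        src, dst, proto, dport, flags = rec
        if initiators_only and proto == "tcp" and (flags is None or flags & 0x12 != 0x02):
            continue                          # drop SYN-ACK, data and teardown packets
        counts[(src, dst, proto, dport)] += 1
    return counts


# --- constructed sample capture (this is test data, not a real PIX export) ---
def _frame(src, dst, proto, sport, dport, flags=0):
    """Build a minimal Ethernet/IPv4 frame with a header-only TCP or UDP segment."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4


def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    _frame("192.168.10.5", "198.51.100.20", 6, 51234, 443, flags=0x02),   # SYN
    _frame("198.51.100.20", "192.168.10.5", 6, 443, 51234, flags=0x12),   # SYN-ACK reply
    _frame("192.168.10.5", "198.51.100.20", 6, 51240, 443, flags=0x02),   # second SYN
    _frame("192.168.10.7", "198.51.100.53", 17, 40000, 53),               # DNS query
])

if __name__ == "__main__":
    # For a real export: data = open("capin.pcap", "rb").read()
    for (src, dst, proto, dport), n in sorted(flows_from_pcap(SAMPLE_PCAP, True).items()):
        print(f"{src:16} -> {dst:16} {proto:5} {dport:5} {n}")
```

Without `initiators_only` the SYN-ACK from 198.51.100.20 is counted as a flow towards port 51234, which would be misleading when you turn the matrix into permit rules; with it, only the client-to-server direction remains. UDP has no handshake, so it is always counted in the direction the packet was seen.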
