SysLog Info Needed

Unanswered Question
Aug 6th, 2007

I have deployed a Kiwi Syslog 7.2.20 server that is getting logs from a PIX and 2 routers. The issue is that I want to configure the logging in such a way that whenever there is connectivity from a specified IP on a particular port, my syslog shows it. Currently it is just showing the IPs and ports which have not been able to access the firewall or routers.

Joe Clarke Mon, 08/06/2007 - 09:34
User Badges:
  • Cisco Employee
  • Hall of Fame
  • Founding Member
The PIX audit trail messages are severity 6, so make sure you have configured "logging trap 6".

Pavel Bykov Tue, 08/07/2007 - 08:50
User Badges:
  • Silver, 250 points or more

Also, you have to set logging on your PIX to log permitted connections. Use a variant of "permit ip any any log" in the access list. The "log" at the end logs the packets that match the line.

But beware, logging is done at the process level, meaning it's loading your CPU. Watch your CPU levels. That would make your network at least more susceptible to DoS.

If you want to see them in local log first, as Joe suggested for syslog messages, type "logging buffered 6" on your device.
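
An added example, not part of the original thread and not Cisco or Kiwi code: once severity-6 messages for permitted connections reach the syslog server, a filter like the following picks out connections from one source IP to one destination port. The sample lines are constructed, and the 302013 and 106100 message layouts, the function name and the addresses are assumptions for illustration.

```python
import re

# Constructed sample lines in the assumed shape of PIX syslog messages.
# Addresses come from documentation ranges; host name and timestamps are made up.
SAMPLE = [
    "Aug 06 2007 09:40:01 fw1 : %PIX-6-302013: Built inbound TCP connection 1001 for outside:192.0.2.10/40112 (192.0.2.10/40112) to inside:10.0.0.5/443 (10.0.0.5/443)",
    "Aug 06 2007 09:40:03 fw1 : %PIX-6-106100: access-list acl_in permitted tcp outside/192.0.2.10(40113) -> inside/10.0.0.5(443) hit-cnt 1 (first hit)",
    "Aug 06 2007 09:40:04 fw1 : %PIX-4-106023: Deny tcp src outside:198.51.100.7/5511 dst inside:10.0.0.5/23 by access-group \"acl_in\"",
    "Aug 06 2007 09:40:09 fw1 : %PIX-6-302013: Built inbound TCP connection 1002 for outside:192.0.2.10/40120 (192.0.2.10/40120) to inside:10.0.0.5/80 (10.0.0.5/80)",
    "Aug 06 2007 09:40:11 fw1 : %PIX-6-302013: Built inbound TCP connection 1003 for outside:192.0.2.100/40121 (192.0.2.100/40121) to inside:10.0.0.5/443 (10.0.0.5/443)",
]

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# %PIX-<severity>-<message id>: <message text>
HEADER = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)")
# Connection-built audit trail message (assumed layout).
BUILT = re.compile(
    rf"Built \w+ (?P<proto>TCP|UDP) connection \d+ for \S+?:(?P<src>{IP})/(?P<sport>\d+)"
    rf" .*? to \S+?:(?P<dst>{IP})/(?P<dport>\d+)"
)
# Message produced by an ACL entry carrying the "log" keyword (assumed layout).
ACL = re.compile(
    rf"access-list \S+ permitted (?P<proto>\w+) \S+?/(?P<src>{IP})\((?P<sport>\d+)\)"
    rf" -> \S+?/(?P<dst>{IP})\((?P<dport>\d+)\)"
)


def permitted_connections(lines, src_ip, dst_port):
    """Return (message_id, src, dst, dport) for permitted traffic from src_ip to dst_port."""
    hits = []
    for line in lines:
        head = HEADER.search(line)
        if not head or head["sev"] != "6":
            continue  # only severity-6 (informational) messages are of interest here
        m = BUILT.search(head["body"]) or ACL.search(head["body"])
        # Compare parsed fields exactly: a plain substring test for
        # "192.0.2.10" would also match 192.0.2.100.
        if m and m["src"] == src_ip and int(m["dport"]) == dst_port:
            hits.append((head["id"], m["src"], m["dst"], int(m["dport"])))
    return hits


if __name__ == "__main__":
    for hit in permitted_connections(SAMPLE, "192.0.2.10", 443):
        print(hit)
```
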

