SysLog Info Needed

Unanswered Question
Aug 6th, 2007

I have deployed Kiwi syslog 7.2.20 server getting the logs from PIX and 2 routers the issue is i want to configure the log in such a way that when ever there is a connectivity from specified IP on a perticular port my syslog should show that cyurrently it is just showing the IP and ports which are not been able to access the firewall or routers

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Mon, 08/06/2007 - 09:34

The PIX audit trail messages are severity 6, so make sure you have configured "logging trap 6".

Pavel Bykov Tue, 08/07/2007 - 08:50

Also, you have to set logging on your PIX to log permitted connections. Variant of "permit ip any any log" in access list. The "log" at the end logs the packets that match the line.

But beware, logging is done at the process level, meaning it's loading your CPU. Whatch your CPU levels. That would make your network at least more susceptible to DOS.

If you want to see them in local log first, as Joe suggested for syslog messages, type "logging buffered 6" on your device.

Actions

This Discussion