How to log VPN connections to PIX 515E

Unanswered Question
Oct 10th, 2007
User Badges:

I've got a PIX 515E with PIX Firewall Version 6.3(3). For the moment, I've setup a group VPN.


What I'd like to do is to log every VPN connection to this PIX.


I've setup a syslogd. Trap level is set to informational. But with this level, I've got too many informations! And that generates more than 30MB of data everyday!


I know I need to narrow down on the messages, but I don't know what syslog ID's to use in order to know the connections (and probably disconnections as well).


Could somebody help me?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Danilo Dy Wed, 10/10/2007 - 07:40
User Badges:
  • Blue, 1500 points or more

Hi,


I use Kiwi Syslog, use it for both PIX/IPSec and ASA/SSL-WebVPN. You can setup the PIX to send all logs from level 0 to 6 but in Kiwi Syslog, configure it to receive only "Authentication"


File + Setup + Rules + Add Rule

Rule Name: MyVPN


File + Setup + Rules + MyVPN + Filters + Add filter

Filter Name: MyVPN-AUTH


File + Setup + Rules + MyVPN + Filters + MyVPN-AUTH

Field: Message text

Filter Type: Simple

Include: "Authentication"


File + Setup + Rules + MyVPN + Actions + Add action

Action Name: Display

Action: Display

Display number: Display 00 (Default)


File + Setup + Rules + MyVPN + Actions + Add action

Action Name: Log to file

Action: Log to file

Path and file name of logfile: your path and filename

Log file format: choose your format


In the logs, you will see the following;

User name

User group

Source IP Address

Authentication: Successful or Rejected and Session type


Good luck!


Regards,

Dandy


fmt_cisco Fri, 10/12/2007 - 09:13
User Badges:

I've tried exactly as you suggested, but I got nothing: no log is received!


I'm using group VPN. Is that the cause?

Actions

This Discussion