How to log VPN connections to PIX 515E

Unanswered Question
Oct 10th, 2007

I've got a PIX 515E with PIX Firewall Version 6.3(3). For the moment, I've setup a group VPN.

What I'd like to do is to log every VPN connection to this PIX.

I've setup a syslogd. Trap level is set to informational. But with this level, I've got too many informations! And that generates more than 30MB of data everyday!

I know I need to narrow down on the messages, but I don't know what syslog ID's to use in order to know the connections (and probably disconnections as well).

Could somebody help me?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Danilo Dy Wed, 10/10/2007 - 07:40

Hi,

I use Kiwi Syslog, use it for both PIX/IPSec and ASA/SSL-WebVPN. You can setup the PIX to send all logs from level 0 to 6 but in Kiwi Syslog, configure it to receive only "Authentication"

File + Setup + Rules + Add Rule

Rule Name: MyVPN

File + Setup + Rules + MyVPN + Filters + Add filter

Filter Name: MyVPN-AUTH

File + Setup + Rules + MyVPN + Filters + MyVPN-AUTH

Field: Message text

Filter Type: Simple

Include: "Authentication"

File + Setup + Rules + MyVPN + Actions + Add action

Action Name: Display

Action: Display

Display number: Display 00 (Default)

File + Setup + Rules + MyVPN + Actions + Add action

Action Name: Log to file

Action: Log to file

Path and file name of logfile: your path and filename

Log file format: choose your format

In the logs, you will see the following;

User name

User group

Source IP Address

Authentication: Successful or Rejected and Session type

Good luck!

Regards,

Dandy

fmt_cisco Fri, 10/12/2007 - 09:13

I've tried exactly as you suggested, but I got nothing: no log is received!

I'm using group VPN. Is that the cause?

Actions

This Discussion