10-10-2007 07:22 AM - edited 02-21-2020 03:18 PM
I've got a PIX 515E with PIX Firewall Version 6.3(3). For the moment, I've set up a group VPN.
What I'd like to do is to log every VPN connection to this PIX.
I've set up a syslogd. Trap level is set to informational. But with this level, I've got too much information! And that generates more than 30MB of data every day!
I know I need to narrow down on the messages, but I don't know what syslog IDs to use in order to know the connections (and probably disconnections as well).
Could somebody help me?
10-10-2007 07:40 AM
Hi,
I use Kiwi Syslog, and use it for both PIX/IPSec and ASA/SSL-WebVPN. You can set up the PIX to send all logs from level 0 to 6, but in Kiwi Syslog, configure it to receive only "Authentication".
File + Setup + Rules + Add Rule
Rule Name: MyVPN
File + Setup + Rules + MyVPN + Filters + Add filter
Filter Name: MyVPN-AUTH
File + Setup + Rules + MyVPN + Filters + MyVPN-AUTH
Field: Message text
Filter Type: Simple
Include: "Authentication"
File + Setup + Rules + MyVPN + Actions + Add action
Action Name: Display
Action: Display
Display number: Display 00 (Default)
File + Setup + Rules + MyVPN + Actions + Add action
Action Name: Log to file
Action: Log to file
Path and file name of logfile: your path and filename
Log file format: choose your format
In the logs, you will see the following:
User name
User group
Source IP Address
Authentication: Successful or Rejected and Session type
Good luck!
Regards,
Dandy
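The same "message text includes Authentication" rule, applied to an already-saved syslog file instead of inside Kiwi Syslog, as an added example that is not part of the original posts. It also tallies the message IDs of the matching lines, which is what the PIX-side filter would need. The sample lines, their message IDs (900001 to 900003), the field layout and the case-sensitive match are constructed assumptions, not captured PIX output.

```python
import re
from collections import Counter

# PIX syslog tag: %PIX-<severity>-<message id>: <message text>
PIX_TAG = re.compile(r"%PIX-(?P<level>[0-7])-(?P<msg_id>\d+): (?P<text>.*)$")

# Constructed sample lines; IDs are placeholders, not real PIX message numbers.
SAMPLE = [
    "Oct 10 07:30:01 192.0.2.1 %PIX-6-900001: Group = EXAMPLE, "
    "Username = alice, IP = 198.51.100.7, Authentication: Successful",
    "Oct 10 07:30:05 192.0.2.1 %PIX-6-900002: Built outbound TCP connection",
    "Oct 10 07:31:12 192.0.2.1 %PIX-6-900001: Group = EXAMPLE, "
    "Username = bob, IP = 198.51.100.9, Authentication: Rejected",
    "Oct 10 07:31:40 192.0.2.1 %PIX-4-900003: Deny tcp src outside:203.0.113.5",
    "a line without a PIX tag that mentions Authentication",
]


def filter_auth(lines, needle="Authentication"):
    """Keep PIX-tagged lines whose message text contains `needle`.

    Returns (kept_lines, Counter of message IDs seen in the kept lines).
    """
    kept, ids = [], Counter()
    for line in lines:
        match = PIX_TAG.search(line)
        if match is None:
            continue  # not a PIX message, so the rule does not apply
        if needle in match.group("text"):  # assumed case-sensitive match
            kept.append(line.rstrip("\n"))
            ids[match.group("msg_id")] += 1
    return kept, ids


def write_log(path, kept):
    """Equivalent of the 'Log to file' action: one kept message per line."""
    with open(path, "w", encoding="utf-8") as handle:
        handle.write("\n".join(kept) + "\n")


if __name__ == "__main__":
    kept, ids = filter_auth(SAMPLE)
    print(f"kept {len(kept)} of {len(SAMPLE)} lines")
    for msg_id, count in ids.most_common():
        print(f"message id {msg_id}: {count} line(s)")
```

If the tally comes back empty on a real capture, the PIX is not emitting any message containing that text, and the filter string needs to change rather than the rule.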
10-12-2007 09:13 AM
I've tried exactly as you suggested, but I got nothing: no log is received!
I'm using group VPN. Is that the cause?