10-10-2007 07:22 AM - edited 02-21-2020 03:18 PM
I've got a PIX 515E with PIX Firewall Version 6.3(3). For the moment, I've set up a group VPN.
What I'd like to do is to log every VPN connection to this PIX.
I've set up a syslogd. Trap level is set to informational. But with this level, I've got too much information! And that generates more than 30MB of data every day!
I know I need to narrow down on the messages, but I don't know what syslog IDs to use in order to know the connections (and probably disconnections as well).
Could somebody help me?
10-10-2007 07:40 AM
Hi,
I use Kiwi Syslog, and use it for both PIX/IPSec and ASA/SSL-WebVPN. You can set up the PIX to send all logs from level 0 to 6, but in Kiwi Syslog, configure it to receive only "Authentication".
File + Setup + Rules + Add Rule
Rule Name: MyVPN
File + Setup + Rules + MyVPN + Filters + Add filter
Filter Name: MyVPN-AUTH
File + Setup + Rules + MyVPN + Filters + MyVPN-AUTH
Field: Message text
Filter Type: Simple
Include: "Authentication"
File + Setup + Rules + MyVPN + Actions + Add action
Action Name: Display
Action: Display
Display number: Display 00 (Default)
File + Setup + Rules + MyVPN + Actions + Add action
Action Name: Log to file
Action: Log to file
Path and file name of logfile: your path and filename
Log file format: choose your format
In the logs, you will see the following:
User name
User group
Source IP Address
Authentication: Successful or Rejected and Session type
Good luck!
Regards,
Dandy
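Added example, not part of the original thread: the receiver-side rule described in the reply above (accept severity 0 to 6 from the firewall, keep only messages whose text contains "Authentication"), written as a small Python filter that also decodes the standard syslog PRI header. The function names, the case-sensitive substring match and the sample lines are assumptions made for illustration; the sample lines are constructed and are not real PIX output.

```python
import re

# RFC 3164 PRI header: "<N>" where N = facility * 8 + severity (max 191).
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse_pri(line):
    """Return (facility, severity, message), or None if the PRI header is missing/invalid."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri // 8, pri % 8, m.group(2)


def filter_messages(lines, include="Authentication", max_severity=6):
    """Keep messages at severity 0..max_severity whose text contains `include`.

    Returns (kept_messages, dropped_count). Substring match is case-sensitive
    here (an assumption, not a statement about Kiwi Syslog's behaviour).
    """
    kept, dropped = [], 0
    for line in lines:
        parsed = parse_pri(line.rstrip("\r\n"))
        if parsed and parsed[1] <= max_severity and include in parsed[2]:
            kept.append(parsed[2])
        else:
            dropped += 1  # unrelated traffic, debug level, or malformed datagram
    return kept, dropped


# Constructed sample datagrams (placeholder text, documentation IP addresses).
SAMPLE = [
    "<166>Oct 10 2007 07:22:01: constructed: Authentication: Successful user=alice group=EXAMPLE src=192.0.2.10",
    "<166>Oct 10 2007 07:22:02: constructed: connection built (unrelated traffic)",
    "<164>Oct 10 2007 07:22:05: constructed: Authentication: Rejected user=bob group=EXAMPLE src=192.0.2.77",
    "<167>Oct 10 2007 07:22:06: constructed: debug line mentioning Authentication",
    "malformed datagram without a PRI header",
]

if __name__ == "__main__":
    kept, dropped = filter_messages(SAMPLE)
    for msg in kept:
        print(msg)
    print(f"kept={len(kept)} dropped={dropped}")
```
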
10-12-2007 09:13 AM
I've tried exactly as you suggested, but I got nothing: no log is received!
I'm using group VPN. Is that the cause?