cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
669
Views
0
Helpful
2
Replies

How to log VPN connections to PIX 515E

fmt_cisco
Level 1
Level 1

I've got a PIX 515E with PIX Firewall Version 6.3(3). For the moment, I've setup a group VPN.

What I'd like to do is to log every VPN connection to this PIX.

I've setup a syslogd. Trap level is set to informational. But with this level, I've got too many informations! And that generates more than 30MB of data everyday!

I know I need to narrow down on the messages, but I don't know what syslog ID's to use in order to know the connections (and probably disconnections as well).

Could somebody help me?

2 Replies 2

Danilo Dy
VIP Alumni
VIP Alumni

Hi,

I use Kiwi Syslog, use it for both PIX/IPSec and ASA/SSL-WebVPN. You can setup the PIX to send all logs from level 0 to 6 but in Kiwi Syslog, configure it to receive only "Authentication"

File + Setup + Rules + Add Rule

Rule Name: MyVPN

File + Setup + Rules + MyVPN + Filters + Add filter

Filter Name: MyVPN-AUTH

File + Setup + Rules + MyVPN + Filters + MyVPN-AUTH

Field: Message text

Filter Type: Simple

Include: "Authentication"

File + Setup + Rules + MyVPN + Actions + Add action

Action Name: Display

Action: Display

Display number: Display 00 (Default)

File + Setup + Rules + MyVPN + Actions + Add action

Action Name: Log to file

Action: Log to file

Path and file name of logfile: your path and filename

Log file format: choose your format

In the logs, you will see the following;

User name

User group

Source IP Address

Authentication: Successful or Rejected and Session type

Good luck!

Regards,

Dandy

I've tried exactly as you suggested, but I got nothing: no log is received!

I'm using group VPN. Is that the cause?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: