ASDM IP NAMES appearing in log instead of IP Addresses

joe.favia · ‎04-11-2008

Hello,

I'm rather new to Cisco security technology. I've configured a PIX 525 through the ASDM interface and its working fine. The only problem I've got is that the SYSLOG is not showing me the IP addresses but the IP Names I have created through ASDM. Is there any way to disable viewing of logical IP Names ? Filtering functions on the logs are not running properly now. Thank you!

cisco24x7 · ‎04-11-2008

It is very simple. Are you running SYSLOG

on Linux/Unix?

If you're running syslog on Linux, go into

the file /etc/sysconfig/syslog and modify the

following configurtion:

# Options to syslogd

# -m 0 disables 'MARK' messages.

# -r enables logging from remote machines

# -x disables DNS lookups on messages recieved with -r

# See syslogd(8) for more details

SYSLOGD_OPTIONS="-m 0 -r -x"

# Options to klogd

# -2 prints all kernel oops messages twice; once for klogd to decode, and

# once for processing with 'ksymoops'

# -x disables all klogd processing of oops messages entirely

# See klogd(8) for more details

KLOGD_OPTIONS="-x"

restart your syslog with "service syslog restart". Now you will see IP addresses:

Apr 11 12:22:30 192.168.0.3 2950292: .Apr 11 14:31:40: %SEC-6-IPACCESSLOGP: list 190 permitted udp 10.250.97.28(0) -> 192.168.0.2(0), 1 packet

Apr 11 12:22:31 192.168.0.3 2950293: .Apr 11 14:31:41: %SEC-6-IPACCESSLOGP: list 190 permitted udp 10.250.97.9(0) -> 128.18.100.39(0), 1 packet

Apr 11 12:22:33 192.168.0.3 2950294: .Apr 11 14:31:43: %SEC-6-IPACCESSLOGP: list black_hole permitted udp 10.7.32.1(67) -> 255.255.255.255(68), 1 packet

Easy right?

CCIE Security

joe.favia · ‎04-14-2008

Hi,

No, I'm using Cisco MARS. I don't want my PIX to reverse lookup the IP addresses whenever it logs (level=informational). The log does not contain DNS resolvable names, but the IP Names associated within the ASDM.

Thanks.