PIX501 Syslog everything

Unanswered Question
Sep 9th, 2008
User Badges:

Hey all, I am tring to syslog all connections from a pix501 to a linux server, I see lots of connections and denys etc... but for some reason I am not seeing everything.

I can test by doing a telnet to a random port to a server behind the firewall from my home pc, and I do not see it in the syslogs.

I can ping through the firewall and do not see that go through in the logs either.


I am running version 6.3(5)


My logging config is below


logging on

logging trap debugging

logging host inside neteng


(neteng is the linux syslog server and should be using local4)


I have tried to set all the firewall rules to syslog debugging also, and that does not seem to work.


Any suggestions to make this pix firewall just log EVERY CONNECTION?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
suschoud Tue, 09/09/2008 - 12:14
User Badges:
  • Gold, 750 points or more

I am very sure that you missed those connections in the syslogs.The level of logging setup is debugging and that's the highest on f/w.It includes all the lower level syslogs too.



Try :



logg mon 7

logg on


and see if on a telnet session to f/w,you see all those connections.If you do,then there is an issue with ur syslog server.



Regards,

Sushil

jsdeprey Tue, 09/09/2008 - 13:00
User Badges:

It must be something on the setting of my syslog server, I new to setting that up.


But I have tried both


local4.* /var/log/pix.log

*.* /var/log/pix.log


The second, to my understanding should send all logs to that file.

Ill try to find some linux sys log server help, something is wrong

Thanks

Actions

This Discussion