PIX501 Syslog everything

Unanswered Question
Sep 9th, 2008

Hey all, I am tring to syslog all connections from a pix501 to a linux server, I see lots of connections and denys etc... but for some reason I am not seeing everything.

I can test by doing a telnet to a random port to a server behind the firewall from my home pc, and I do not see it in the syslogs.

I can ping through the firewall and do not see that go through in the logs either.

I am running version 6.3(5)

My logging config is below

logging on

logging trap debugging

logging host inside neteng

(neteng is the linux syslog server and should be using local4)

I have tried to set all the firewall rules to syslog debugging also, and that does not seem to work.

Any suggestions to make this pix firewall just log EVERY CONNECTION?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
suschoud Tue, 09/09/2008 - 12:14

I am very sure that you missed those connections in the syslogs.The level of logging setup is debugging and that's the highest on f/w.It includes all the lower level syslogs too.

Try :

logg mon 7

logg on

and see if on a telnet session to f/w,you see all those connections.If you do,then there is an issue with ur syslog server.

Regards,

Sushil

jsdeprey Tue, 09/09/2008 - 13:00

It must be something on the setting of my syslog server, I new to setting that up.

But I have tried both

local4.* /var/log/pix.log

*.* /var/log/pix.log

The second, to my understanding should send all logs to that file.

Ill try to find some linux sys log server help, something is wrong

Thanks

Actions

This Discussion