PIX501 Syslog everything

jsdeprey · ‎09-09-2008

Hey all, I am tring to syslog all connections from a pix501 to a linux server, I see lots of connections and denys etc... but for some reason I am not seeing everything.

I can test by doing a telnet to a random port to a server behind the firewall from my home pc, and I do not see it in the syslogs.

I can ping through the firewall and do not see that go through in the logs either.

I am running version 6.3(5)

My logging config is below

logging on

logging trap debugging

logging host inside neteng

(neteng is the linux syslog server and should be using local4)

I have tried to set all the firewall rules to syslog debugging also, and that does not seem to work.

Any suggestions to make this pix firewall just log EVERY CONNECTION?

suschoud · ‎09-09-2008

I am very sure that you missed those connections in the syslogs.The level of logging setup is debugging and that's the highest on f/w.It includes all the lower level syslogs too.

Try :

logg mon 7

logg on

and see if on a telnet session to f/w,you see all those connections.If you do,then there is an issue with ur syslog server.

Regards,

Sushil

jsdeprey · ‎09-09-2008

It must be something on the setting of my syslog server, I new to setting that up.

But I have tried both

local4.* /var/log/pix.log

*.* /var/log/pix.log

The second, to my understanding should send all logs to that file.

Ill try to find some linux sys log server help, something is wrong

Thanks