03-05-2004 09:08 AM - edited 03-10-2019 07:41 AM
Is PIX OS capable of accounting all commands entered (similar to Cat IOS accounting)? I want to be able to log commands...I don't neccesarily need to log traffic through the PIX.
03-09-2004 07:48 AM
This is what I am also looking for.
Myer, if you found out how to do it pls add a reply to your post here.
Thanks.
03-09-2004 08:00 AM
I just found out that is cannot be done.
:-(
03-09-2004 08:31 AM
From where? I am about to open a TAC case with ACS group.
03-09-2004 08:52 AM
I have a friend with some years of work experience with PIX firewalls, I just asked him ...
Opening a TAC case would be a great idea. They may know more, like if in ver 7 we will have this feature.
Good luck and pls keep us updated :-)
03-09-2004 01:28 PM
Okay, I found out that there is no command accounting available...however, you can use Syslog to track who did what. Here is a link to "Authentication & Command Authorization for PIX 6.2". Go to the Accounting section.
This was given to me by a TAC engineer. Also, one of my CCIE friends verified that the PIX cannot do accounting on CLI commands...only on user services being passed through the PIX. Hope this helps!!
03-10-2004 10:23 AM
indeed it helps. i'll do syslog then.
thanks a lot and good luck.
C
03-22-2004 02:57 PM
Hi, I'm having the same problem. the link provide didn't gave me much info. currently I have logging nofication enable and everything is being sent to my syslog server - that's too much. I just want to log messages when someone make changes. I tried using the "no logging message (message-id) but it takes too long. Do you know if I can use the "logging messages" command and specify a range, i.e 11100-111111?
thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide