02-28-2007 04:54 AM - edited 03-11-2019 02:39 AM
I configured the ACL on the PIX 501 FW to allow certain traffic to pass through. I would like to check the log of the FW. Which command do I need to use to turn on logging and see whether the traffic is being passed through or blocked?
I am using PIX ver 6.3
02-28-2007 06:16 AM
There are a couple of options available. If you just want to enable logging temporarily to view the traffic allowed/denied by the ACL, connect to the PIX via telnet/ssh and use the following commands:
logging on
logging monitor 7
terminal monitor
These commands will start displaying live logs on your telnet/ssh screen. To stop the logs, you need to type the following command while the logs are scrolling by:
terminal no monitor
For future purposes, I'd recommend that you set up a syslog server on the internal network. All you need is a server on which you can install any of the freely available syslog servers, like Kiwi Syslog Server, and then configure the PIX to send log messages to the syslog server. For this, you'll need the following commands:
logging on
logging host inside x.x.x.x
(x.x.x.x is the ip address of the server)
logging trap [level]
Different levels are as follows:
0 - Emergencies - System unusable messages.
1 - Alerts - Take immediate attention.
2 - Critical - Critical Condition.
3 - Errors - Error messages (this is the default level)
4 - Warnings - Warning messages.
5 - Notifications - Normal but significant condition.
6 - Informational - Informational message.
7 - Debugging - Debug messages and log FTP commands and WWW URLs.
Either the level number or the level name can be used in the above command.
Here is a link which describes in detail all the syslog messages on the PIX:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/index.htm
Hope this is helpful.
Regards,
Vibhor.
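The effect of the level chosen for `logging trap` (or `logging monitor` / `logging buffered`) on what you can actually see, as an added example that is not part of the original posts: a PIX message carries its severity in the `%PIX-<level>-<id>` tag, and only messages at or below the configured level are emitted. The sample log lines are constructed, and the permit/deny classification by the words "Deny"/"denied"/"Built" is an assumption made for this illustration.

```python
import re

# Severity names as listed in the post above (index = level number).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# PIX messages carry their severity in the tag: %PIX-<level>-<message id>
TAG = re.compile(r"%PIX-(?P<level>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")

def parse_level(level):
    """Accept a level number or a level name; return the number 0-7."""
    s = str(level).strip().lower()
    if s.isdigit() and int(s) <= 7:
        return int(s)
    if s in LEVELS:
        return LEVELS.index(s)
    raise ValueError(f"unknown logging level: {level!r}")

def visible_at(lines, configured_level):
    """Return (severity, msgid, verdict, text) for lines the PIX would emit."""
    limit = parse_level(configured_level)
    out = []
    for line in lines:
        m = TAG.search(line)
        if not m:
            continue  # not a PIX-tagged message
        sev = int(m["level"])
        if sev > limit:
            continue  # more verbose than the configured level: never emitted
        text = m["text"]
        if text.startswith("Deny") or "denied" in text:
            verdict = "blocked"
        elif text.startswith("Built"):
            verdict = "passed"
        else:
            verdict = "other"
        out.append((sev, m["msgid"], verdict, text))
    return out

# Constructed sample lines (addresses from documentation ranges).
SAMPLE = [
    '%PIX-4-106023: Deny tcp src outside:198.51.100.7/4312 dst inside:192.0.2.10/23 by access-group "acl_out"',
    "%PIX-6-302013: Built inbound TCP connection 1201 for outside:198.51.100.7/4313 (198.51.100.7/4313) to inside:192.0.2.10/80 (192.0.2.10/80)",
    "%PIX-5-111008: User 'enable_15' executed the 'logging on' command.",
    "garbage line without a tag",
]

if __name__ == "__main__":
    for lvl in ("errors", "warnings", 6):
        print(lvl, [(s, i, v) for s, i, v, _ in visible_at(SAMPLE, lvl)])
```

With these samples, level 3 (errors) shows nothing, level 4 shows only the ACL deny, and level 6 is needed before the connection-built message appears.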
02-28-2007 06:22 AM
If you do not have a log server, you can check the log directly on the PIX.
#logging on
#logging timestamp
#logging buffered debugging ("buffered" means save the log to PIX memory and "debugging" logs the most detailed info)
#show log
Also, you can try:
#show access-list