Cisco Support Community
New Member

check the PIX logging

I configured the ACL on the PIX 501 FW to allow certain traffic passing through. I would like to check the log of the FW. Which command do I need to use to turn on the logging and see whether the traffic is being passed through or blocked?

I am using PIX ver 6.3

2 ACCEPTED SOLUTIONS

Accepted Solutions
Silver

Re: check the PIX logging

There are a couple of options available. If you just want to enable logging temporarily to view the traffic allowed/denied by the ACL, connect to the PIX via telnet/ssh and use the following commands:

logging on

logging monitor 7

terminal monitor

These commands will start displaying live logs on your telnet/ssh screen. To stop the logs, you need to type the following command while the logs are scrolling by:

terminal no monitor

For future purposes, I'd recommend that you set up a syslog server on the internal network. All you need is a server on which you can install any of the freely available syslog servers, like Kiwi Syslog Server, and then configure the PIX to send log messages to the syslog server. For this, you'll need the following commands:

logging on

logging host inside x.x.x.x

(x.x.x.x is the IP address of the server)

logging trap [level]

Different levels are as follows:

0 - Emergencies - System unusable messages.

1 - Alerts - Take immediate attention.

2 - Critical - Critical Condition.

3 - Errors - Error messages (this is the default level)

4 - Warnings - Warning messages.

5 - Notifications - Normal but significant condition.

6 - Informational - Informational message.

7 - Debugging - Debug messages and log FTP commands and WWW URLs.

Either the level number or the level name can be used in the above command.

Here is a link which describes in detail all the syslog messages on the PIX:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/index.htm

Hope this is helpful.

Regards,

Vibhor.

New Member

Re: check the PIX logging

If you do not have a log server, you can check the log directly on the PIX.

#logging on

#logging timestamp

#logging buffered debugging ("buffered" means save the log to PIX memory and "debugging" logs the most detailed info)

#show log

Also, you can try

#show access-list
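Added example, not part of the original posts: a small Python filter that reads the level out of each `%PIX-<level>-<id>` header and shows which permit/deny messages survive a given level from the table in the first answer (or `logging buffered debugging` in the second). The sample lines are constructed in PIX syslog format, and classifying by the words "Deny", "denied" and "Built" is an assumption of this sketch.

```python
import re
from collections import Counter

# Level names from the table above, indexed by level number.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Every PIX syslog message carries the header %PIX-<level>-<message id>: <text>
PIX_MSG = re.compile(r"%PIX-([0-7])-(\d{6}): (.*)")

# Constructed sample lines (not captured from a device; documentation addresses).
SAMPLE = [
    'Mar 01 10:00:01 192.168.1.1 %PIX-4-106023: Deny tcp src outside:203.0.113.5/4321 '
    'dst inside:192.168.1.10/23 by access-group "acl_out"',
    'Mar 01 10:00:02 192.168.1.1 %PIX-6-302013: Built inbound TCP connection 101 for '
    'outside:203.0.113.9/5120 (203.0.113.9/5120) to inside:192.168.1.10/80 (198.51.100.10/80)',
    'Mar 01 10:00:03 192.168.1.1 %PIX-2-106001: Inbound TCP connection denied from '
    '203.0.113.5/4322 to 198.51.100.10/445 flags SYN on interface outside',
    "Mar 01 10:00:04 192.168.1.1 %PIX-5-111008: User 'enable_15' executed the 'logging on' command.",
    'Mar 01 10:00:05 192.168.1.1 some other daemon: not a PIX message',
]

def level_number(level):
    """Accept a level number or a level name, as the logging commands do."""
    s = str(level).strip().lower()
    n = int(s) if s.isdigit() else LEVELS.index(s)
    if not 0 <= n <= 7:
        raise ValueError("level must be 0-7")
    return n

def parse_line(line):
    """Return (level, message_id, text), or None for a non-PIX line."""
    m = PIX_MSG.search(line)
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None

def verdict(text):
    """Heuristic (assumption of this example): classify by message wording."""
    if text.startswith("Deny") or " denied " in text:
        return "deny"
    return "permit" if text.startswith("Built") else "other"

def summarise(lines, log_level):
    """Count verdicts among the messages the chosen logging level lets through."""
    limit = level_number(log_level)
    counts = Counter()
    for parsed in filter(None, map(parse_line, lines)):
        if parsed[0] <= limit:  # lower number = more severe, always included
            counts[verdict(parsed[2])] += 1
    return counts

if __name__ == "__main__":
    for lvl in ("errors", "warnings", 7):
        print(lvl, dict(summarise(SAMPLE, lvl)))
```

With these samples, level 3 shows only one of the two denies and no permitted connection; the "Built" message only appears at level 6 or 7.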
