check the PIX logging

shibindong (Level 1)

I configured the ACL on the PIX 501 FW to allow certain traffic to pass through. I would like to check the log of the FW. Which command do I need to use to turn on logging and see whether the traffic is being passed through or blocked?

I am using PIX ver 6.3

2 Accepted Solutions

vitripat (Level 7)

There are a couple of options available. If you just want to enable logging temporarily to view the traffic allowed/denied by the ACL, connect to the PIX via telnet/ssh and use the following commands:

logging on

logging monitor 7

terminal monitor

These commands will start displaying live logs on your telnet/ssh screen. To stop the logs, you need to type the following command while the logs are scrolling by:

terminal no monitor

For future purposes, I'd recommend you set up a syslog server on the internal network. All you need is a server on which you can install any of the freely available syslog servers, like Kiwi Syslog Server, and then configure the PIX to send log messages to the syslog server. For this, you'll need the following commands:

logging on

logging host inside x.x.x.x

(x.x.x.x is the IP address of the server)

logging trap [level]

Different levels are as follows:

0 - Emergencies - System unusable messages.

1 - Alerts - Take immediate attention.

2 - Critical - Critical Condition.

3 - Errors - Error messages (this is the default level).

4 - Warnings - Warning messages.

5 - Notifications - Normal but significant condition.

6 - Informational - Informational message.

7 - Debugging - Debug messages and log FTP commands and WWW URLs.

Either the level number or the level name can be used in the above command.

Here is a link that describes all the syslog messages on the PIX in detail:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/index.htm

Hope this is helpful.

Regards,

Vibhor.


rico_hao40 (Level 1)

If you do not have a log server, you can check the log directly on the PIX.

#logging on

#logging timestamp

#logging buffered debugging ("buffered" means save the log to PIX memory, and "debugging" logs the most detailed info)

#show log

You can also try

#show access-list

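Both answers above come down to the same mechanism: the PIX tags every syslog message with a severity digit (for example `%PIX-4-...`), and a destination configured at level N (`logging trap [level]`, `logging monitor 7`, `logging buffered debugging`) receives every message of severity 0 through N. The following Python script, added here as an example and not part of either answer, parses lines in the PIX syslog format, accepts the level either as a number or as one of the names from the table above, and filters a log the way a trap/buffer level would. The sample log lines and their message IDs are constructed for the example; a practitioner would point this at a file exported from the syslog server or at the output of `show log`.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Union

# Severity table as listed in the answer above (PIX 6.3 syslog levels).
SEVERITY_NAMES = {
    0: "emergencies",
    1: "alerts",
    2: "critical",
    3: "errors",
    4: "warnings",
    5: "notifications",
    6: "informational",
    7: "debugging",
}
NAME_TO_SEVERITY = {name: num for num, name in SEVERITY_NAMES.items()}

# A PIX message looks like "%PIX-<severity>-<6-digit id>: <text>", optionally
# preceded by the "Mon DD HH:MM:SS" stamp that "logging timestamp" adds.
PIX_MSG_RE = re.compile(
    r"^(?:(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+)?"
    r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)$"
)


@dataclass
class PixMessage:
    timestamp: Optional[str]
    severity: int
    msgid: str
    text: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def resolve_level(level: Union[int, str]) -> int:
    """Accept the level as a number or a name, as 'logging trap' does."""
    if isinstance(level, int):
        if 0 <= level <= 7:
            return level
        raise ValueError(f"level out of range: {level}")
    key = level.strip().lower()
    if key.isdigit():
        return resolve_level(int(key))
    try:
        return NAME_TO_SEVERITY[key]
    except KeyError:
        raise ValueError(f"unknown level name: {level}") from None


def parse_pix_message(line: str) -> Optional[PixMessage]:
    """Return a PixMessage for a line in PIX syslog format, else None."""
    m = PIX_MSG_RE.match(line.strip())
    if not m:
        return None
    return PixMessage(m.group("ts"), int(m.group("sev")),
                      m.group("msgid"), m.group("text"))


def passes_level(msg: PixMessage, level: Union[int, str]) -> bool:
    """A destination at level N receives severities 0..N (N and more urgent)."""
    return msg.severity <= resolve_level(level)


def filter_log(lines: Iterable[str], level: Union[int, str]) -> List[PixMessage]:
    """Keep the parseable messages that a destination at 'level' would see."""
    kept = []
    for line in lines:
        msg = parse_pix_message(line)
        if msg is not None and passes_level(msg, level):
            kept.append(msg)
    return kept


# Constructed sample lines in PIX syslog format (not from the original post).
SAMPLE_LOG = [
    "Jan 10 12:00:01 %PIX-6-302013: Built outbound TCP connection 5 for "
    "outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/41000 (203.0.113.1/41000)",
    "Jan 10 12:00:02 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4444 "
    "dst inside:10.0.0.5/23 by access-group \"outside_in\"",
    "Jan 10 12:00:03 %PIX-7-111009: User 'enable_15' executed cmd: show logging",
    "Jan 10 12:00:04 %PIX-3-305005: No translation group found for tcp "
    "src inside:10.0.0.9/5000 dst outside:192.0.2.20/25",
    "this line is not a PIX message and is skipped",
]

if __name__ == "__main__":
    # The ACL permit/deny messages sit at levels 4 and 6, so the default
    # trap level (3, "errors") would not show them; "debugging" shows all.
    for level in ("errors", "warnings", "debugging"):
        msgs = filter_log(SAMPLE_LOG, level)
        print(f"level {level}: {len(msgs)} message(s)")
        for m in msgs:
            print(f"  {m.timestamp} [{m.severity_name}] {m.msgid}: {m.text}")
```

Running it shows why a trap level of 3 leaves the original poster blind to ACL decisions: the deny message in the sample is severity 4 and the connection-built message is severity 6, so the destination needs at least level 6 (or `debugging`) before permitted and denied traffic both appear.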
