12-11-2006 06:01 PM - edited 03-11-2019 02:07 AM
Hi Guys,
ANyway to check who did telnetting to the PIX firewall , something like a log for the user login?
OR any way I can check if some changes being done by this account at certain time?
TIA.
ken
Solved! Go to Solution.
12-11-2006 07:08 PM
Hi,
sure enable logging informational to the buffer or an external syslog server .. you can find freewares on the web such as kiwy Cat tools http://www.kiwisyslog.com/index.php
Refer to the PIX command reference for instructions on how to set up logging to a host
http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094885.shtml
A brief example is below
logging on
logging trap informational
logging host [interface] ip_address where interface is the interface behind which the syslog server is located and 'ip-address' is the address of the server. NOTE: by default syslog messages use UDP 514 and so make sure you configure that on the syslog server.
Alternatively you can send syslogs to the PIX buffer by entering
logging buffered informational
These logs will be temparary stored on the PIX until the next reboot or the buffer size fills up in whcih case the old events will be overwritten.
to view the events stored on te local buffer type in 'show logging' andlook for events number
111008
605005
111002
I hope it helps .. please rate it if it does !!!
12-11-2006 07:08 PM
Hi,
sure enable logging informational to the buffer or an external syslog server .. you can find freewares on the web such as kiwy Cat tools http://www.kiwisyslog.com/index.php
Refer to the PIX command reference for instructions on how to set up logging to a host
http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094885.shtml
A brief example is below
logging on
logging trap informational
logging host [interface] ip_address where interface is the interface behind which the syslog server is located and 'ip-address' is the address of the server. NOTE: by default syslog messages use UDP 514 and so make sure you configure that on the syslog server.
Alternatively you can send syslogs to the PIX buffer by entering
logging buffered informational
These logs will be temparary stored on the PIX until the next reboot or the buffer size fills up in whcih case the old events will be overwritten.
to view the events stored on te local buffer type in 'show logging' andlook for events number
111008
605005
111002
I hope it helps .. please rate it if it does !!!
12-11-2006 07:32 PM
Thanks Fernando ! It is really useful..:D
Rated 5 for you..;)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: