Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Monitor logging on PIX515(E)

Hi,

We have a PIX515(E) and we want to monitor the traffic. So that we have the posibility to see which user is visiting which websites and how often. I believe there is a certain logging command, isn't there?

Could anyone tell me which logging that would be and how to turn in on?

Thanks in advance.

Danny.

4 REPLIES
Cisco Employee

Re: Monitor logging on PIX515(E)

Logs at debug level would not tell you which website you visits but would definitely tell you the ip address..along with the ports information...

First you would need to install a syslog server software on one of the computers. You may

download one of the popular kiwisyslog server from

http://www.kiwisyslog.com/software_downloads.htm .

It is listed as Kiwi Syslog Daemon and latest version is 7.1.0. You may download standard

edition that runs as a program.

Once the syslog server is installed you will then need to login into the PIX in

configuration terminal mode and enter the following commands.

logging host [in_if_name] ip_address

(example: logging host inside 1.2.3.4

We are assuming syslog server is installed on computer with IP address 1.2.3.4 in the

inside network.)

logging timestamp

logging trap 7

logging on

"Logging on level 7 is only for debugging purposes and do not leave pix on level 7 "

see if this helps !

Silver

Re: Monitor logging on PIX515(E)

logging on

logging host 1.2.3.4

logging timestamp

logging trap 6

you do NOT need "logging trap 7" to tell you which website users visit. "logging trap 6"

will generate less syslog messages and it also

can tell you which website user(s) visit.

They both can tell you the same thing but

"logging trap 6" generates much less message.

I am not a windows person. If you use

Linux/Unix syslog-ng, you can have granular

syslog than windows. Just make sure you

have the "-r" option in your syslog config

so that it can accept syslog from other

devices.

CCIE Security

Cisco Employee

Re: Monitor logging on PIX515(E)

Requster..you need to be on logging trap 7 to see www/urls..

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/l2_72.html#wp1690864

New Member

Re: Monitor logging on PIX515(E)

Alright, thanks everybody for the answers. I will read the documenation and I'll let you know if it resolved my problem.

With Kind Regards,

Danny

237
Views
0
Helpful
4
Replies
CreatePlease to create content