PIX 515E - Access-list logging?

dclee
Level 1

Currently running a PIX 515E ver 6.35.

I need to log on a specific permit line in one of my access-lists and have that forwarded to a syslog server. I currently only log denies and don't want to turn on any higher logging because of the performance hit. So I was hoping to find a way to only log on one specific rule in the outside_inbound access-list...

I know I can set up a capture command with one specific rule for the inbound traffic in question, but is there a way to get that captured data to a syslog server?

Any help would be appreciated.

4 Replies

kagodfrey
Level 3

Hi

You can add the keyword 'log' to the appropriate access-list line, which will generate a syslog message 106100 for every matching permit or deny, as explained in:

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/ab.html#wp1067755

HTH

Kev

If that doesn't work, you may need one more step: change the logging level.

Satya

So I tried the logging option by itself and that doesn't work. Then I bumped up global logging to level 6 (informational) and that seemed to generate the message when the traffic matched the statement. However, because I have bumped the logging to 6, I now have a ton more syslogs generated for all other traffic flowing through the firewall, which is what I was trying to avoid.

Is there a better way?

Cheers

Dave

Well it looks like if I set the access-log log setting to 4 it will still generate the required message (matched permit) even if my logging trap is set to 4 as well. So that pretty much gives me what I want.

Thanks for the help

Dave
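The thread ends with message 106100 arriving at the syslog server at severity 4 for the one permit entry, while the rest of the firewall traffic stays quiet. Below is an added example (not from the thread or from Cisco) of the consumer side: a small parser for 106100 lines as PIX 6.3 formats them, run over constructed sample syslog lines, that tallies hits on permitted entries of the outside_inbound ACL and drops anything above the configured trap level. The ACL name, addresses and timestamps are assumptions made up for the sample.

```python
import re
from collections import Counter

# Constructed sample syslog lines, not captured from a real PIX. The ACL entry
# is assumed to carry "log 4" and the box "logging trap 4", so the matched
# permit shows up as %PIX-4-106100. The last line is at the default severity 6
# for 106100 and would never pass a trap level of 4; it is here to exercise
# the severity filter.
SAMPLE_LOG = """\
Jan 12 10:15:01 pix %PIX-4-106100: access-list outside_inbound permitted tcp outside/203.0.113.10(51522) -> inside/10.1.1.25(443) hit-cnt 1 (first hit)
Jan 12 10:15:02 pix %PIX-4-106023: Deny tcp src outside:198.51.100.7/4455 dst inside:10.1.1.25/23 by access-group "outside_inbound"
Jan 12 10:20:01 pix %PIX-4-106100: access-list outside_inbound permitted tcp outside/203.0.113.10(51600) -> inside/10.1.1.25(443) hit-cnt 17 (300-second interval)
Jan 12 10:20:05 pix %PIX-4-106100: access-list outside_inbound denied udp outside/192.0.2.9(1024) -> inside/10.1.1.53(53) hit-cnt 1 (first hit)
Jan 12 10:21:00 pix %PIX-6-106100: access-list inside_outbound permitted tcp inside/10.1.1.40(40001) -> outside/198.51.100.20(80) hit-cnt 1 (first hit)
"""

# PIX 6.3 layout of message 106100:
# access-list <acl> {permitted|denied} <proto> <if>/<src>(<sport>) -> <if>/<dst>(<dport>) hit-cnt <n> (...)
MSG_106100 = re.compile(
    r"%PIX-(?P<sev>\d)-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src_if>[^/ ]+)/(?P<src>[^(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/ ]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)


def parse_106100(line):
    """Return the fields of a 106100 message as a dict, or None for any other message."""
    m = MSG_106100.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sev"] = int(rec["sev"])
    rec["hits"] = int(rec["hits"])
    return rec


def permitted_hits(log_text, acl="outside_inbound", trap_level=4):
    """Sum hit-cnt for permitted entries of one ACL, keyed by (src, dst, dport).

    Messages with a severity above trap_level are skipped, mirroring what a
    'logging trap 4' configuration would deliver to the syslog server.
    """
    totals = Counter()
    for line in log_text.splitlines():
        rec = parse_106100(line)
        if rec is None or rec["acl"] != acl or rec["action"] != "permitted":
            continue
        if rec["sev"] > trap_level:
            continue
        totals[(rec["src"], rec["dst"], rec["dport"])] += rec["hits"]
    return totals


if __name__ == "__main__":
    for flow, hits in permitted_hits(SAMPLE_LOG).items():
        print(f"{flow[0]} -> {flow[1]}:{flow[2]}  hits={hits}")
```

The interval message carries the count accumulated since the previous report, so the first-hit and interval lines for the same flow add up to one total per flow.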
