11-21-2007 07:52 AM - edited 03-11-2019 04:33 AM
Currently running a PIX 515E ver 6.35.
I need to log on a specific permit line in one of my access-lists and have that forwarded to a syslog server. I currently only log denies and don't want to turn on any higher logging because of the performance hit. So I was hoping to find a way to only log on one specific rule in the outside_inbound access-list...
I know I can set up a capture command with one specific rule for the inbound traffic in question, but is there a way to get that captured data to a syslog server?
Any help would be appreciated.
11-21-2007 09:19 AM
Hi
You can add the keyword 'log' to the appropriate access-list line, which will generate a syslog message 106100 for every matching permit or deny, as explained in:
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/ab.html#wp1067755
HTH
Kev
11-21-2007 10:17 AM
If that doesn't work, you may need one more step to it. Change the logging level.
Satya
11-21-2007 10:38 AM
So I tried the logging option by itself and that doesn't work. Then I bumped up global logging to level 6 (informational) and that seemed to generate the message when the traffic matched the statement. However, because I have bumped the logging to 6, I now have a ton more syslogs generated for all other traffic flowing through the firewall, which is what I was trying to avoid.
Is there a better way?
Cheers
Dave
11-21-2007 11:07 AM
Well, it looks like if I set the access-list log setting to 4 it will still generate the required message (matched permit) even if my logging trap is set to 4 as well. So that pretty much gives me what I want.
Thanks for the help
Dave
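The configuration below is an added example, not something posted in this thread, pulling together Kev's point (the `log` keyword on an ACE produces syslog 106100 for every matching permit or deny) and Dave's finding (giving that keyword a level of 4 lets the message through a `logging trap 4` filter, so nothing else at level 5-7 is sent). The interface names, IP addresses, port and ACL contents are assumed; only the command syntax is PIX 6.3.

```cisco
! Added example for PIX 6.3 (not the original poster's configuration).
! Goal: send syslog only for hits on ONE permit ACE while the global
! trap level stays at 4 (warnings), so deny messages (106023, level 4)
! keep flowing and the level-6 per-connection noise stays off.
! Syslog server address, interface names and ACL contents are assumed.
logging on
logging timestamp
logging host inside 192.168.10.50
! Trap level 4: anything the firewall generates at level 5, 6 or 7 is
! not forwarded. Leave this where it already is.
logging trap 4
! The ACE we care about. 'log 4' overrides the default severity (6) of
! the 106100 message for this line only, so it passes the trap filter.
! 'interval 300' is the default: after the first hit, further hits on
! the same flow are counted and reported once per 300-second interval.
access-list outside_inbound permit tcp any host 203.0.113.10 eq 443 log 4 interval 300
! Other ACEs are unchanged. Without 'log' a permit on them is silent and
! a deny still produces 106023 (level 4) exactly as before.
access-list outside_inbound permit tcp any host 203.0.113.10 eq 80
access-group outside_inbound in interface outside
```

Two checks after applying it: `show access-list outside_inbound` should show the hit counter on the logged ACE increasing, and the syslog server should receive lines of the form `%PIX-4-106100: access-list outside_inbound permitted tcp outside/198.51.100.7(41234) -> inside/203.0.113.10(443) hit-cnt 1 (first hit)` (constructed sample; note the `-4-` severity rather than the default `-6-`). One caveat: once `log` is on an ACE, denies matched by that same ACE are also reported as 106100 rather than 106023, and the firewall keeps a per-flow entry to do the interval counting, so put the keyword only on the line you actually need to watch.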