Cisco Support Community
Community Member

PIX 525-How do I capture all source-destination info

I have a customer with a PIX 525 currently doing allow all-exclude by exception and we need to change this!! Since they don't know who should or shouldn't be getting through, how do I capture source/destination traffic for all users to obtain this info?

3 REPLIES
Silver

Re: PIX 525-How do I capture all source-destination info

A way would be to configure a syslog server to capture all the traffic going through PIX. However, in your situation, I feel that you'll get a lot of logs and will have to find traffic related to IPs you are interested in from those huge log files. Here's how you can configure PIX for syslogging-

You can download a syslog server from following link, if required.

The name of the tool is Kiwi Syslog Server.

http://www.kiwisyslog.com/php/download.php?syslogd_kiwitools

Install the server on any system connected to PIX, and then reboot the server.

Now enter following commands on your PIX :

pix(config)# logging host [interface_name] [ip_address]

pix(config)# logging trap [level]

pix(config)# logging on

[interface_name] ----> name of interface on which syslog server is connected (inside).

[ip_address] ----> ip address of workstation where you install syslog server.

[level] ----> level of logging desired.

Different levels are as follows:

0 - Emergencies - System unusable messages.

1 - Alerts - Take immediate attention.

2 - Critical - Critical Condition.

3 - Errors - Error messages (this is the default level)

4 - Warnings - Warning messages.

5 - Notifications - Normal but significant condition.

6 - Informational - Informational message.

7 - Debugging - Debug messages and log FTP commands and WWW URLs.

Either level no. or level name can be used in the above command.

Here is a link which tells in detail about all the syslog messages on PIX-

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html

If you are using 7.x code-

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/syslog/logmsgs.htm

Hope this helps.

Regards,

Vibhor.
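Added example, not part of the original post: one way to reduce the resulting syslog files to a list of who talks to whom, as a starting point for replacing the allow-all policy. It assumes the "Built" connection messages 302013 (TCP) and 302015 (UDP), which are severity 6, so the trap level has to be informational or higher; the message layout in the regex and the sample lines are constructed and should be checked against the message guide linked above.

```python
import re
from collections import Counter

# Constructed sample lines in the style of PIX connection messages.
# Addresses come from private and documentation ranges.
SAMPLE_LOG = """\
Mar 03 10:15:01 10.1.1.1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:10.1.1.50/1025 (203.0.113.5/1025)
Mar 03 10:15:04 10.1.1.1 %PIX-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:10.1.1.50/1026 (203.0.113.5/1026)
Mar 03 10:15:09 10.1.1.1 %PIX-6-302015: Built outbound UDP connection 1003 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:10.1.1.51/1030 (203.0.113.5/1030)
Mar 03 10:16:30 10.1.1.1 %PIX-6-302013: Built inbound TCP connection 1004 for outside:192.0.2.77/4021 (192.0.2.77/4021) to inside:10.1.1.10/25 (203.0.113.10/25)
Mar 03 10:16:35 10.1.1.1 %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.20/443 to inside:10.1.1.50/1025 duration 0:01:34 bytes 4312 TCP FINs
"""

# Assumed layout: "Built <dir> <proto> connection <n> for <if>:<ip>/<port> (...) to <if>:<ip>/<port>"
BUILT = re.compile(
    r"%(?:PIX|ASA)-6-(?:302013|302015): Built (?P<dir>inbound|outbound) "
    r"(?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<f_if>[^:\s]+):(?P<f_ip>[\d.]+)/(?P<f_port>\d+) \([^)]*\) "
    r"to (?P<t_if>[^:\s]+):(?P<t_ip>[\d.]+)/(?P<t_port>\d+)"
)

def flows(lines):
    """Yield (client_if, client_ip, server_if, server_ip, proto, server_port)."""
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue  # teardowns, denies and unrelated messages are skipped
        f_end = (m["f_if"], m["f_ip"], int(m["f_port"]))
        t_end = (m["t_if"], m["t_ip"], int(m["t_port"]))
        # Assumption: "outbound" means the host after "to" opened the connection,
        # "inbound" means the host after "for" did.
        client, server = (t_end, f_end) if m["dir"] == "outbound" else (f_end, t_end)
        # The client's ephemeral port is dropped so repeat connections group together.
        yield (client[0], client[1], server[0], server[1], m["proto"].lower(), server[2])

def summarize(lines):
    """Count connections per distinct client/server/service tuple."""
    return Counter(flows(lines))

def report(counts):
    """Return one text row per flow, most frequent first."""
    return [f"{n:6d}  {c_if}:{c_ip} -> {s_if}:{s_ip} {proto}/{port}"
            for (c_if, c_ip, s_if, s_ip, proto, port), n in counts.most_common()]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG.splitlines()))))
```

To run it over a real log, pass the open file to `summarize()` instead of `SAMPLE_LOG.splitlines()`.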

Community Member

Re: PIX 525-How do I capture all source-destination info

Is there any option within the PIX to audit or monitor traffic without using the syslog described above?

Silver

Re: PIX 525-How do I capture all source-destination info

You could use the capture feature. Then you can take the capture and review it in Wireshark.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml#s1

Thanks,

Chad

Please rate if helpful.
