Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
567
Views
0
Helpful
3
Replies

Pix Logging

cadstillo
Level 1
Level 1

‎06-08-2007 07:14 AM - edited ‎03-11-2019 03:27 AM

I am new to the PIX and want to make sure that the logging is as high as it can be.

If it isnt how can I raise the level of logging to the highest level.

###########CONFIG-PORTION-START##########

[sho config]

logging on

logging monitor debugging

logging trap notifications

logging history warnings

logging host inside XXX.XXX.XX.XX

...

[sho logging]

Syslog logging: enabled

Facility: 20

Timestamp logging: disabled

Standby logging: disabled

Console logging: disabled

Monitor logging: level debugging, 0 messages logged

Buffer logging: disabled

Trap logging: level notifications, 506680159 messages logged

Logging to inside XXX.XXX.XX.XX

History logging: level warnings, 502996377 messages logged

Device ID: disabled

###########CONFIG-PORTION-END##########

Thanks

Labels:
0 Helpful
3 Replies 3

rsmith
Level 3
Level 3

‎06-08-2007 07:55 AM

First, if you enable the highest level of logging, you may get a performance hit. Generally, enabling the Debug level is only for troubleshooting. There are 8 levels of logging:

0 - Emergencies - system is unusable

1 - Alerts - Immediate action needed

2 - Critical - Critical conditions

3 - Errors - Error conditions

4 - Warnings - Warning conditions

5 - Notifications - Informational messages

6 - Informational - Normal but significant conditions

7 - Debugging - debug messages

Generally, if you want to be able to actually READ the logging files, setting to level 5 - Notifications would be enough. To capture the most information, set it to 6 - Informational.

#logging buffered info (if you want to see the logs on the PIX, "sho logg")

#logging trap info (or "notif" for less clutter)

I generally use the "informational" level on the trap (syslog) setting, and "notification" on the buffered logging.

#logging timestamp (add timestamps to logging)

You can enable the other logging options, but this could cause issues. (console logging will log to your console session, making it hard to see any commands entered or other information, Monitor logging will log to your remote access session (telnet, ssh))

Check out this URL about logging:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

0 Helpful

cadstillo
Level 1
Level 1
In response to rsmith

‎06-08-2007 08:47 AM

Thanks, how can I disable the timestamp logging?

-

Never mind I just saw it.

no logging timestamp

Thanks again for your help

0 Helpful

rsmith
Level 3
Level 3
In response to cadstillo

‎06-08-2007 08:53 AM

NP... It is usually a good idea to keep timestamps on if you syslog multiple devices, so you can correlate log entries if any issues happen. (and, of course, Time Servers and NTP on all devices to keep them syncronized.)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card