Community Member

Pix Logging

I am new to the PIX and want to make sure that the logging is as high as it can be.

If it isn't, how can I raise the level of logging to the highest level?

###########CONFIG-PORTION-START##########

[sho config]

logging on

logging monitor debugging

logging trap notifications

logging history warnings

logging host inside XXX.XXX.XX.XX

...

[sho logging]

Syslog logging: enabled

Facility: 20

Timestamp logging: disabled

Standby logging: disabled

Console logging: disabled

Monitor logging: level debugging, 0 messages logged

Buffer logging: disabled

Trap logging: level notifications, 506680159 messages logged

Logging to inside XXX.XXX.XX.XX

History logging: level warnings, 502996377 messages logged

Device ID: disabled

###########CONFIG-PORTION-END##########

Thanks

3 REPLIES
Bronze

Re: Pix Logging

First, if you enable the highest level of logging, you may get a performance hit. Generally, enabling the Debug level is only for troubleshooting. There are 8 levels of logging:

0 - Emergencies - system is unusable

1 - Alerts - Immediate action needed

2 - Critical - Critical conditions

3 - Errors - Error conditions

4 - Warnings - Warning conditions

5 - Notifications - Informational messages

6 - Informational - Normal but significant conditions

7 - Debugging - debug messages

Generally, if you want to be able to actually READ the logging files, setting to level 5 - Notifications would be enough. To capture the most information, set it to 6 - Informational.

#logging buffered info (if you want to see the logs on the PIX, "sho logg")

#logging trap info (or "notif" for less clutter)

I generally use the "informational" level on the trap (syslog) setting, and "notification" on the buffered logging.

#logging timestamp (add timestamps to logging)

You can enable the other logging options, but this could cause issues. (Console logging will log to your console session, making it hard to see any commands entered or other information; monitor logging will log to your remote access session (telnet, ssh).)

Check out this URL about logging:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml
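
Added example, not part of the thread and not Cisco code: Python for the syslog server side that decodes the facility shown in `sho logging` (20, i.e. local4) from the syslog PRI value and shows which messages each `logging trap` level lets through. The sample lines are constructed, and the names `parse` and `sent_at` are hypothetical.

```python
import re

# Keywords for "logging trap <level>" on the PIX; list index = numeric severity.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Optional syslog PRI header, then the %PIX-<severity>-<message id> tag.
LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?.*?%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LINES = [
    "<164>%PIX-4-106023: Deny tcp src outside:198.51.100.7/4242 dst inside:192.0.2.20/23",
    "<165>%PIX-5-111008: User 'enable_15' executed the 'logging timestamp' command.",
    "<166>%PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/80",
    "<167>%PIX-7-710005: UDP request discarded from 198.51.100.9/137 to outside:192.0.2.1/137",
]

def parse(line):
    """Return severity, message id, text and (if a PRI is present) facility."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = {"severity": int(m["sev"]), "msgid": m["msgid"],
           "text": m["text"], "facility": None}
    if m["pri"] is not None:
        # PRI = facility * 8 + severity, so facility 20 (local4) gives 160..167.
        rec["facility"], pri_sev = divmod(int(m["pri"]), 8)
        rec["pri_matches_tag"] = pri_sev == rec["severity"]
    return rec

def sent_at(level_name, records):
    """Records a device would emit with 'logging trap <level_name>' configured."""
    threshold = LEVELS.index(level_name)
    return [r for r in records if r["severity"] <= threshold]

if __name__ == "__main__":
    records = [parse(l) for l in SAMPLE_LINES]
    for level in ("notifications", "informational", "debugging"):
        ids = [r["msgid"] for r in sent_at(level, records)]
        print(f"logging trap {level}: {ids}")
```
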

Community Member

Re: Pix Logging

Thanks, how can I disable the timestamp logging?

-

Never mind, I just saw it.

no logging timestamp

Thanks again for your help

Bronze

Re: Pix Logging

NP... It is usually a good idea to keep timestamps on if you syslog multiple devices, so you can correlate log entries if any issues happen. (And, of course, Time Servers and NTP on all devices to keep them synchronized.)
