06-08-2007 07:14 AM - edited 03-11-2019 03:27 AM
I am new to the PIX and want to make sure that the logging is as high as it can be.
If it isnt how can I raise the level of logging to the highest level.
###########CONFIG-PORTION-START##########
[sho config]
logging on
logging monitor debugging
logging trap notifications
logging history warnings
logging host inside XXX.XXX.XX.XX
...
[sho logging]
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: level debugging, 0 messages logged
Buffer logging: disabled
Trap logging: level notifications, 506680159 messages logged
Logging to inside XXX.XXX.XX.XX
History logging: level warnings, 502996377 messages logged
Device ID: disabled
###########CONFIG-PORTION-END##########
Thanks
06-08-2007 07:55 AM
First, if you enable the highest level of logging, you may get a performance hit. Generally, enabling the Debug level is only for troubleshooting. There are 8 levels of logging:
0 - Emergencies - system is unusable
1 - Alerts - Immediate action needed
2 - Critical - Critical conditions
3 - Errors - Error conditions
4 - Warnings - Warning conditions
5 - Notifications - Informational messages
6 - Informational - Normal but significant conditions
7 - Debugging - debug messages
Generally, if you want to be able to actually READ the logging files, setting to level 5 - Notifications would be enough. To capture the most information, set it to 6 - Informational.
#logging buffered info (if you want to see the logs on the PIX, "sho logg")
#logging trap info (or "notif" for less clutter)
I generally use the "informational" level on the trap (syslog) setting, and "notification" on the buffered logging.
#logging timestamp (add timestamps to logging)
You can enable the other logging options, but this could cause issues. (console logging will log to your console session, making it hard to see any commands entered or other information, Monitor logging will log to your remote access session (telnet, ssh))
Check out this URL about logging:
06-08-2007 08:47 AM
Thanks, how can I disable the timestamp logging?
-
Never mind I just saw it.
no logging timestamp
Thanks again for your help
06-08-2007 08:53 AM
NP... It is usually a good idea to keep timestamps on if you syslog multiple devices, so you can correlate log entries if any issues happen. (and, of course, Time Servers and NTP on all devices to keep them syncronized.)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide