Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX logging levels and useful traffic

Hi everyone.

I am running a PIX 515e w/ version 6.2(2)

I am working on configuring useful syslogging from the system. We have a network management suite to monitor our PIX. Trouble is even at a logging level of 2 (critial) on the PIX I am getting a bunch of connection based messages (106001 and 106006) that are clogging up the database. These don't seem like critical messages to me.

At the same time I do not see messages I would expect to see about failover status etc. (and a sh log via ssh connection doesn't show timestamps). Here's the logging config I'm working with.

logging on

logging timestamp

logging standby

logging buffered warnings

logging trap critical

logging history warnings

logging host inside <syslog1 IP>

Any suggestions/ explanations/ ideas?



Re: PIX logging levels and useful traffic

The single syslog daemon (syslogd) can be thought of as having multiple pipes. It uses the pipes to decide where to send incoming information based on the pipe on which the information arrives. In this analogy, the logging facilities are the pipes by which the syslogd decides where to send information it receives.

The eight logging facilities commonly used for syslog are local0 through local7.


When a PIX is set up to send syslog messages, levels of lower importance include levels of higher importance. For example, if the PIX is set for warning, then error, critical, alert, and emergency messages are also sent in addition to warning. A debug setting includes messages at all eight levels.

Community Member

Re: PIX logging levels and useful traffic

no logging message 106006

no logging message 106001

I always turn off any messages that I dont feel are important enough to log or capture.


CreatePlease to create content