Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
258
Views
0
Helpful
2
Replies

Filtering based on the content of a syslog message

moorera
Level 1
Level 1

‎10-12-2005 12:37 PM - edited ‎03-09-2019 12:42 PM

I know you can the PIX not to send certain Syslog messages. However I was wondering if you can tell the PIX to read part of the message and not send it if a particular address is contained in the message. We use the PIX syslogs to tell us the machines that have bypassed our proxy and are going to the Internet. However to generate this report I have to through out via a perl script all records that have the address of our two proxy servers in it. If I could do this on the PIX it would cut down on the amount of syslog messaging I send each day from this platform. I know that I would increase the amount of processing I do on the PIX and therefore effect its CPU. At this point we have low CPU utilization so I am willing to look at doing more filtering on the PIX as a trade off. Thanks.

Randy Moore

NOVA Chemicals

Labels:
0 Helpful
2 Replies 2

nkhawaja
Cisco Employee
Cisco Employee

‎10-12-2005 07:29 PM

what version of pix are you running?

If you are running ver 7.0, I think you can do that.

there are lot more features added for customizing syslogs in version 7.0

see the link for reference

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008045277d.html#wp1539633

0 Helpful

moorera
Level 1
Level 1
In response to nkhawaja

‎10-12-2005 07:46 PM

Hi,

Thanks for the reply. We are currently running 6.3(1) if memory serves we right. No plans for 7.0 as our 515e doesn't have the memory as we have it setup in failover and 7.0 needs 128 MB in that configuration and we only have 64 if I recall.

Any idea if we can do this under 6?

0 Helpful
Customers Also Viewed These Support Documents