Cisco Support Community

New Member

Filtering based on the content of a syslog message

I know you can tell the PIX not to send certain syslog messages. However, I was wondering if you can tell the PIX to read part of the message and not send it if a particular address is contained in the message. We use the PIX syslogs to tell us the machines that have bypassed our proxy and are going to the Internet. However, to generate this report I have to throw out, via a Perl script, all records that have the address of our two proxy servers in them. If I could do this on the PIX, it would cut down on the amount of syslog messaging I send each day from this platform. I know that I would increase the amount of processing I do on the PIX and therefore affect its CPU. At this point we have low CPU utilization, so I am willing to look at doing more filtering on the PIX as a trade-off. Thanks.

Randy Moore

NOVA Chemicals

Cisco Employee

Re: Filtering based on the content of a syslog message

What version of PIX are you running?

If you are running ver 7.0, I think you can do that.

There are a lot more features added for customizing syslogs in version 7.0.

See the link for reference.

New Member

Re: Filtering based on the content of a syslog message


Thanks for the reply. We are currently running 6.3(1), if memory serves me right. No plans for 7.0, as our 515e doesn't have the memory: we have it set up in failover, and 7.0 needs 128 MB in that configuration and we only have 64, if I recall.

Any idea if we can do this under 6?
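
An added example, not part of the original thread: the off-box filtering the first post describes, written in Python rather than Perl. It assumes the report is built from `%PIX-6-302013` "Built outbound TCP connection" messages; the proxy addresses, host name and log lines are constructed placeholders. The inside address is parsed and compared exactly, because a substring search for proxy 10.1.1.10 would also discard host 10.1.1.100.

```python
import re
from collections import Counter

# Assumption: inside addresses of the two proxy servers (placeholders).
PROXIES = {"10.1.1.10", "10.1.1.11"}

# PIX "Built outbound TCP connection" message: foreign side first, then local side.
BUILT = re.compile(
    r"%PIX-6-302013: Built outbound TCP connection \d+ "
    r"for [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d.]+/\d+\) "
    r"to [^:\s]+:(?P<src>[\d.]+)/\d+"
)

# Constructed sample lines (not taken from the thread).
SAMPLE = """\
Mar 01 10:00:01 pix1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:10.1.1.10/40001 (198.51.100.2/40001)
Mar 01 10:00:02 pix1 %PIX-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.6/443 (203.0.113.6/443) to inside:10.1.1.11/40002 (198.51.100.2/40002)
Mar 01 10:00:03 pix1 %PIX-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:10.1.1.100/40003 (198.51.100.2/40003)
Mar 01 10:00:04 pix1 %PIX-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.7/80 (203.0.113.7/80) to inside:10.1.1.57/40004 (198.51.100.2/40004)
Mar 01 10:00:05 pix1 %PIX-6-302014: Teardown TCP connection 1003 for outside:203.0.113.9/80 to inside:10.1.1.100/40003 duration 0:00:05 bytes 512 TCP FINs
Mar 01 10:00:06 pix1 %PIX-6-302013: Built outbound TCP connection 1005 for outside:203.0.113.8/443 (203.0.113.8/443) to inside:10.1.1.57/40005 (198.51.100.2/40005)
"""


def bypass_report(lines, proxies):
    """Count outbound connections per inside host, skipping the proxies."""
    hosts = Counter()
    for line in lines:
        m = BUILT.search(line)
        if m is None:
            continue  # teardowns and other message IDs are not counted
        src = m.group("src")
        if src in proxies:
            continue  # exact match on the parsed address, not a substring test
        hosts[src] += 1
    return hosts


if __name__ == "__main__":
    for host, count in bypass_report(SAMPLE.splitlines(), PROXIES).most_common():
        print(f"{host}\t{count} direct outbound connection(s)")
```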
