logging to find which ports are blocked

tsrader
Level 1

How is logging turned on for the PIX 525?

I am using object-groups extensively for securing traffic between two networks and need to determine which ports are being blocked so I can open them.

1 Reply

Patrick Iseli
Level 7

You can add the log statement to a specific access-list line and define the log level.

Command reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755

[no] access-list id [line line-num] {deny | permit} icmp {source_addr source_mask} | interface if_name | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | interface if_name | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id] [log [[disable | default] | [level]]] [interval secs]]

Enable syslog or other logging options:

For local logging buffer without syslog use:

logging on

logg buffer warning

# Enables logging to the PIX memory buffer; use "show logg" to see the output.

For syslog setup use:

Note that you need to install a syslog server somewhere in your network. Free syslog tools include Kiwi Syslog Daemon or 3COM Daemon.

logg on

logging trap warning

logg host YourIPAddress

Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a9.html#wp1028090

Sincerely,

Patrick
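Once the buffer or syslog server is collecting ACL denies, the remaining work is reading them out. The script below is an added example (not from the original post or from Cisco) that summarises which destination ports an access-group is dropping, per protocol, so the matching permit lines can be written. It assumes the two deny message formats Cisco documents for syslog IDs 106023 (deny by access-group) and 106100 (the per-line `log` keyword), and the log lines it parses are constructed sample input; a real capture from "show logging" or a syslog server would have the same message bodies, usually with a timestamp and hostname in front.

```python
import re
from collections import Counter

# Constructed sample of what "show logging" or a syslog server would hold.
# The message bodies assume Cisco syslog IDs 106023 and 106100 (assumption,
# taken from the documented formats); the ACL name, hosts and ports are made up.
SAMPLE_LOG = """\
Jan  5 10:01:02 pix %PIX-4-106023: Deny tcp src inside:10.1.1.5/3345 dst outside:192.168.1.10/443 by access-group "inside_in"
Jan  5 10:01:03 pix %PIX-4-106023: Deny tcp src inside:10.1.1.7/4100 dst outside:192.168.1.10/443 by access-group "inside_in"
Jan  5 10:01:04 pix %PIX-4-106023: Deny udp src inside:10.1.1.5/51000 dst outside:192.168.1.20/161 by access-group "inside_in"
Jan  5 10:01:05 pix %PIX-6-106100: access-list inside_in denied tcp inside/10.1.1.5(3346) -> outside/192.168.1.10(443) hit-cnt 1 first hit
Jan  5 10:01:06 pix %PIX-6-106100: access-list inside_in permitted tcp inside/10.1.1.5(3347) -> outside/192.168.1.10(80) hit-cnt 1 first hit
Jan  5 10:06:06 pix %PIX-6-106100: access-list inside_in denied tcp inside/10.1.1.9(3400) -> outside/192.168.1.30(25) hit-cnt 5 300-second interval
Jan  5 10:06:07 pix %PIX-6-302013: Built outbound TCP connection 12 for outside:192.168.1.10/80 (192.168.1.10/80) to inside:10.1.1.5/3347 (10.1.1.5/3347)
"""

# 106023: Deny <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port> by access-group "<acl>"
# (tcp/udp form only; the icmp variant carries type/code instead of ports and is skipped)
RE_106023 = re.compile(
    r'106023: Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<sip>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[\w-]+):(?P<dip>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"'
)
# 106100: access-list <acl> {permitted|denied} <proto> <if>/<ip>(<port>) -> <if>/<ip>(<port>) hit-cnt <n> ...
RE_106100 = re.compile(
    r'106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) '
    r'(?P<sif>[\w-]+)/(?P<sip>[\d.]+)\((?P<sport>\d+)\) -> '
    r'(?P<dif>[\w-]+)/(?P<dip>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)'
)


def parse_deny(line):
    """Return a dict describing one denied flow, or None if the line is not a deny."""
    m = RE_106023.search(line)
    if m:
        d = m.groupdict()
        d["hits"] = 1  # 106023 is emitted once per dropped packet
        return d
    m = RE_106100.search(line)
    if m and m.group("action") == "denied":
        d = m.groupdict()
        d["hits"] = int(d["hits"])  # 106100 carries an aggregated hit count
        del d["action"]
        return d
    return None  # permitted flows and unrelated messages are ignored


def summarize(lines):
    """Aggregate denied hits per (access-list, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        d = parse_deny(line)
        if d is None:
            continue
        counts[(d["acl"], d["proto"], int(d["dport"]))] += d["hits"]
    return counts


def report(counts):
    """One line per blocked port, busiest first, naming the ACL to amend."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{acl} {proto}/{port}: {hits} denied" for (acl, proto, port), hits in ordered]


if __name__ == "__main__":
    for line in report(summarize(SAMPLE_LOG.splitlines())):
        print(line)
```

Feed it the saved buffer or syslog file instead of SAMPLE_LOG and the output lists, per access-list, the protocol/port pairs that are actually being dropped; anything not on that list does not need a new permit entry.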