
logging to find which ports are blocked

How is logging turned on for the PIX 525?

I am using object-groups extensively for securing traffic between two networks and need to determine which ports are being blocked so I can open them.

1 REPLY

Re: logging to find which ports are blocked

You can add the log statement to a specific access-list line and define the log level.

Command reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755

[no] access-list id [line line-num] {deny | permit} icmp {source_addr source_mask} | interface if_name | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | interface if_name | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id] [log [[disable | default] | [level]]] [interval secs]]

Enable syslog or other logging options:

For local logging buffer without syslog use:

logging on

logg buffer warning

# Enables logging to the PIX memory buffer; use < show logg > to see the output.

For syslog setup use:

Note you need to install a syslog server somewhere in your network. Free syslog tools can be KIWI Syslog Daemon or 3COMDaemon.

logg on

logging trap warning

logg host YourIPAddress

Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a9.html#wp1028090

Sincerely

Patrick
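
Once the deny messages reach the buffer or the syslog server, they can be summarised per destination port to answer the original question. The script below is an added example, not part of either post: it counts denied flows from syslog messages 106023 (access-group deny) and 106100 (ACL line with the log keyword). The log lines, ACL names and addresses are constructed samples, and the message layout they follow is assumed to match what the firewall emits.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from a real device).
SAMPLE_LOG = """\
Mar 01 10:00:01 192.0.2.1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/40112 dst inside:10.1.1.5/1433 by access-group "outside_in"
Mar 01 10:00:02 192.0.2.1 %PIX-4-106023: Deny tcp src outside:198.51.100.8/40113 dst inside:10.1.1.5/1433 by access-group "outside_in"
Mar 01 10:00:03 192.0.2.1 %PIX-6-106100: access-list dmz_in denied udp dmz/10.2.2.9(5353) -> inside/10.1.1.20(53) hit-cnt 1 (first hit)
Mar 01 10:00:04 192.0.2.1 %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.2.2.9(41000) -> inside/10.1.1.5(443) hit-cnt 1 (first hit)
Mar 01 10:00:05 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 12 for outside:198.51.100.9/80 (198.51.100.9/80) to inside:10.1.1.30/1050 (10.1.1.30/1050)
Mar 01 10:00:06 192.0.2.1 %PIX-4-106023: Deny icmp src outside:198.51.100.7 dst inside:10.1.1.5 (type 8, code 0) by access-group "outside_in"
"""

# 106023: deny by an access-group, logged at level 4 (warnings).
RE_106023 = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>\S+) src \S+?:[\d.]+(?:/\d+)? '
    r'dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)(?:/(?P<dport>\d+))?'
    r'.* by access-group "(?P<acl>[^"]+)"')
# 106100: produced by the ACL "log" keyword; level 6 (informational) unless a
# level is given on the ACL line, so a "warning" trap level will not show it.
RE_106100 = re.compile(
    r'%PIX-\d-106100: access-list (?P<acl>\S+) denied (?P<proto>\S+) '
    r'\S+ -> (?P<dif>[^/\s]+)/(?P<dip>[\d.]+)\((?P<dport>\d+)\)')

def blocked_flows(log_text):
    """Count denied flows keyed by (acl, protocol, destination ip, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = RE_106023.search(line) or RE_106100.search(line)
        if not m:
            continue  # permitted traffic and unrelated messages are ignored
        port = int(m.group("dport")) if m.group("dport") else None  # ICMP has no port
        counts[(m.group("acl"), m.group("proto"), m.group("dip"), port)] += 1
    return counts

def report(counts):
    """Return report lines, most frequently blocked flow first."""
    return [f"{n:4d}  {acl:12s} {proto:5s} {dip}:{port if port is not None else '-'}"
            for (acl, proto, dip, port), n in counts.most_common()]

if __name__ == "__main__":
    print("\n".join(report(blocked_flows(SAMPLE_LOG))))
```

Review each reported flow against the intended policy before adding a permit entry for it.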
