03-10-2006 10:01 AM - edited 02-21-2020 12:45 AM
Hi everyone.
I am running a PIX 515e w/ version 6.2(2)
I am working on configuring useful syslogging from the system. We have a network management suite to monitor our PIX. Trouble is even at a logging level of 2 (critial) on the PIX I am getting a bunch of connection based messages (106001 and 106006) that are clogging up the database. These don't seem like critical messages to me.
At the same time I do not see messages I would expect to see about failover status etc. (and a sh log via ssh connection doesn't show timestamps). Here's the logging config I'm working with.
logging on
logging timestamp
logging standby
logging buffered warnings
logging trap critical
logging history warnings
logging host inside <syslog1 IP>
Any suggestions/ explanations/ ideas?
Thanks!
Solved! Go to Solution.
03-10-2006 11:10 AM
If you do not want to log the connection messages, add a configuration line "no logging message (message number)" where the "message number" would be 106001 or 106006. Change your logging level to 4 or 5 (Warnings or Notifications) and see what shows up. A listing of messages by severity level can be found here:
03-10-2006 11:12 AM
You can change the logging level of this messages to debugging so you will not see them any more on your Syslog server.
Example Teardown messages:
logging message 302016 level debugging
In your case:
logging message 106001 level debugging
logging message 106006 level debugging
sincerely
Patrick
03-10-2006 11:10 AM
If you do not want to log the connection messages, add a configuration line "no logging message (message number)" where the "message number" would be 106001 or 106006. Change your logging level to 4 or 5 (Warnings or Notifications) and see what shows up. A listing of messages by severity level can be found here:
03-10-2006 01:15 PM
Any suggestions about Failover notices such as keepalives etc. Do they happen at a higher logging level?
Thanks again!
03-10-2006 01:35 PM
Failover keepalives do not log (as far as I could find). There are some failover messages that do log, but these are only during an "event" such as writing config to the failover unit from the primary, an actual failover event, etc. The link listed before has all the failover messages that could log, and a link to the failover process is provided below. Hope this helps.
03-10-2006 11:12 AM
You can change the logging level of this messages to debugging so you will not see them any more on your Syslog server.
Example Teardown messages:
logging message 302016 level debugging
In your case:
logging message 106001 level debugging
logging message 106006 level debugging
sincerely
Patrick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide