New Member

Logging useful PIX information

Hi everyone.

I am running a PIX 515e w/ version 6.2(2)

I am working on configuring useful syslogging from the system. We have a network management suite to monitor our PIX. Trouble is even at a logging level of 2 (critical) on the PIX I am getting a bunch of connection based messages (106001 and 106006) that are clogging up the database. These don't seem like critical messages to me.

At the same time I do not see messages I would expect to see about failover status etc. (and a sh log via ssh connection doesn't show timestamps). Here's the logging config I'm working with.

logging on
logging timestamp
logging standby
logging buffered warnings
logging trap critical
logging history warnings
logging host inside <syslog1 IP>

Any suggestions/ explanations/ ideas?

Thanks!

2 ACCEPTED SOLUTIONS

Bronze

Re: Logging useful PIX information

If you do not want to log the connection messages, add a configuration line "no logging message (message number)" where the "message number" would be 106001 or 106006. Change your logging level to 4 or 5 (Warnings or Notifications) and see what shows up. A listing of messages by severity level can be found here:

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a0080441d02.html

Re: Logging useful PIX information

You can change the logging level of these messages to debugging so you will not see them any more on your Syslog server.

Example Teardown messages:

logging message 302016 level debugging

In your case:

logging message 106001 level debugging

logging message 106006 level debugging

Sincerely

Patrick
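
An added example, not part of the original thread and not Cisco's own tooling: a Python script that tallies the `%PIX-<severity>-<id>` tags in a syslog capture to show which message IDs dominate what the trap level forwards, then prints overrides in the form given in the replies above. The sample lines, the 25% share threshold and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Severity names accepted by the PIX logging commands, indexed by level 0-7.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Every PIX syslog message carries a %PIX-<severity>-<message id> tag.
TAG = re.compile(r"%PIX-([0-7])-(\d{6})\b")

# Constructed sample capture: documentation addresses, illustrative message text.
SAMPLE = """\
%PIX-2-106001: Inbound TCP connection denied from 192.0.2.10/3456 to 198.51.100.5/23 flags SYN on interface outside
%PIX-2-106001: Inbound TCP connection denied from 192.0.2.11/4101 to 198.51.100.5/445 flags SYN on interface outside
%PIX-2-106006: Deny inbound UDP from 192.0.2.12/1026 to 198.51.100.5/137 on interface outside
%PIX-1-104001: (Primary) Switching to ACTIVE - constructed failover event
%PIX-2-106001: Inbound TCP connection denied from 192.0.2.10/3457 to 198.51.100.5/23 flags SYN on interface outside
%PIX-6-302016: Teardown UDP connection 1201 - constructed teardown record
%PIX-2-106006: Deny inbound UDP from 192.0.2.13/1027 to 198.51.100.5/161 on interface outside
line with no PIX tag, ignored by the parser
"""

def tally(lines):
    """Count messages per (message id, severity); untagged lines are skipped."""
    counts = Counter()
    for line in lines:
        m = TAG.search(line)
        if m:
            counts[(m.group(2), int(m.group(1)))] += 1
    return counts

def noisy_ids(counts, trap_level, share=0.25):
    """IDs that pass the trap level and make up at least `share` of what is sent."""
    sent = {key: n for key, n in counts.items() if key[1] <= trap_level}
    total = sum(sent.values())
    return sorted(mid for (mid, _), n in sent.items() if n / total >= share)

def suggest(ids):
    """Per-message overrides in the form quoted in the replies above."""
    return [f"logging message {mid} level debugging" for mid in ids]

if __name__ == "__main__":
    counts = tally(SAMPLE.splitlines())
    for (mid, sev), n in counts.most_common():
        print(f"{mid}  {LEVELS[sev]:<14} {n}")
    print("\n".join(suggest(noisy_ids(counts, trap_level=2))))
```

Running the tally on a real capture before changing levels shows how many deny records each override would take out of the syslog feed.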

4 REPLIES
New Member

Re: Logging useful PIX information

Any suggestions about failover notices such as keepalives etc.? Do they happen at a higher logging level?

Thanks again!

Bronze

Re: Logging useful PIX information

Failover keepalives do not log (as far as I could find). There are some failover messages that do log, but these are only during an "event" such as writing config to the failover unit from the primary, an actual failover event, etc. The link listed before has all the failover messages that could log, and a link to the failover process is provided below. Hope this helps.

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72f.html#wp1007451
