07-02-2003 05:28 AM - edited 03-09-2019 03:53 AM
Perhaps someone has addressed this already, my apologizes If I'm repetitive.
Is it possible to log xlate to a syslog server without having logging set to debug?
Or with the use of some other technique, e.g. SNMP.
Thanks in advance,
Chris
07-02-2003 06:06 AM
Hi,
I think that translations are also visible when logging set to 'info'.
Kind Regards,
Tom
07-02-2003 06:14 AM
Thank for the quick response. I appreciate it.
I would have a problem setting logging to informational.
My syslog events go up to 600msg/sec.
I would prefer to find another solution otherwise I will run out of disk space quickly.
Thanks,
Chris
07-02-2003 06:32 AM
Hi
I don't think there no other solution for this. I would be nice to have specific logging for xlate, but I am affraid it not in there yet.
You will have to buy a bunch of new hard disks for your logging :-)
Kind Regards,
Tom
07-02-2003 06:41 AM
Here is what I have come up with:
I have enabled logging trap to informational and have added the following:
no logging message 106015
no logging message 106011
no logging message 401004
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 609002
no logging message 609001
no logging message 302016
Therefore now I do get the xlate logging. Which is 305009.
This solves my problem. However, am I going to get performance issues?
I have noticed that the cpu usage stayed the same after I added the no logging messages.
Chris
07-02-2003 07:17 AM
With Pix 6.3, you can also change the logging level of each message. Therefore, you could make message 305009 log at the "Errors" level and syslog at the "Errors" level. Then you wouldn't need to turn off any messages.
Which firewall do you have? I log EVERYTHING on my Pix515 with a T1 connection and we have no problems.
07-02-2003 09:57 AM
We have a PIX535 with two OC3s and some more. My raw syslog data is 50MB every hour. That's on logging level warnings.
Thank you all for your assistance,
Chris
07-02-2003 07:24 AM
There is a shortcut if the PIX is on 6.3
You can selectively set the logging level for a particular syslog message to whatever level you need to, in this case, set it to a higher level to avoid the syslog server getting inundated with uncessary traffic/logs;
Look for the section " Changing Syslog Message Levels" on the below url
Hope that helps.
Yatin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide