Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
4
Helpful
7
Replies

Logging xlate

chrisv
Level 1
Level 1

‎07-02-2003 05:28 AM - edited ‎03-09-2019 03:53 AM

Perhaps someone has addressed this already, my apologizes If I'm repetitive.

Is it possible to log xlate to a syslog server without having logging set to debug?

Or with the use of some other technique, e.g. SNMP.

Thanks in advance,

Chris

Labels:
0 Helpful
7 Replies 7

tvanginneken
Level 4
Level 4

‎07-02-2003 06:06 AM

Hi,

I think that translations are also visible when logging set to 'info'.

Kind Regards,

Tom

chrisv
Level 1
Level 1
In response to tvanginneken

‎07-02-2003 06:14 AM

Thank for the quick response. I appreciate it.

I would have a problem setting logging to informational.

My syslog events go up to 600msg/sec.

I would prefer to find another solution otherwise I will run out of disk space quickly.

Thanks,

Chris

0 Helpful

tvanginneken
Level 4
Level 4
In response to chrisv

‎07-02-2003 06:32 AM

Hi

I don't think there no other solution for this. I would be nice to have specific logging for xlate, but I am affraid it not in there yet.

You will have to buy a bunch of new hard disks for your logging :-)

Kind Regards,

Tom

0 Helpful

chrisv
Level 1
Level 1
In response to tvanginneken

‎07-02-2003 06:41 AM

Here is what I have come up with:

I have enabled logging trap to informational and have added the following:

no logging message 106015

no logging message 106011

no logging message 401004

no logging message 302015

no logging message 302014

no logging message 302013

no logging message 609002

no logging message 609001

no logging message 302016

Therefore now I do get the xlate logging. Which is 305009.

This solves my problem. However, am I going to get performance issues?

I have noticed that the cpu usage stayed the same after I added the no logging messages.

Chris

0 Helpful

shannong
Level 4
Level 4
In response to chrisv

‎07-02-2003 07:17 AM

With Pix 6.3, you can also change the logging level of each message. Therefore, you could make message 305009 log at the "Errors" level and syslog at the "Errors" level. Then you wouldn't need to turn off any messages.

Which firewall do you have? I log EVERYTHING on my Pix515 with a T1 connection and we have no problems.

0 Helpful

chrisv
Level 1
Level 1
In response to shannong

‎07-02-2003 09:57 AM

We have a PIX535 with two OC3s and some more. My raw syslog data is 50MB every hour. That's on logging level warnings.

Thank you all for your assistance,

Chris

0 Helpful

ywadhavk
Cisco Employee
Cisco Employee
In response to chrisv

‎07-02-2003 07:24 AM

There is a shortcut if the PIX is on 6.3

You can selectively set the logging level for a particular syslog message to whatever level you need to, in this case, set it to a higher level to avoid the syslog server getting inundated with uncessary traffic/logs;

Look for the section " Changing Syslog Message Levels" on the below url

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172797.html#1097219

Hope that helps.

Yatin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents