Re: PIX 515E xlate logging

sdaniels · ‎03-01-2004

Hello,

We have placed a 515E on our network and we want to be able to log who was what external IP address(or PAT port) when. It seems like a feature that everyone would use but for the life of me I can not figure it out. Have setup syslog but it does not help, nothing or to verbose(Every TCP connection logged). Figured it is something simple that I am over looking, Tryed a SNMP walk but could not find this data this way either. Could make a cronjob user that can only get the xlate but I am hoping there is a better way. Thanks for any help you can give...Scott

nkhawaja · ‎03-01-2004

Hi,

SYSLOGS, with probably a logging level of 6, or 7. would give you information about the connections being made from what local to what global address.

thanks

Nadeem

scoclayton · ‎03-02-2004

My guess is that you are looking for syslog messages 305011 and 305012 (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm).

As Nadeem mentioned, these are level 6 messages in the 6.3 code. The problem with logging at level 6 (as you have seen) is that you get a *lot* of other info as well. If you are only interested in getting these 2 messages from the level 6 syslogs, you can change the default level they are given in the 6.3 code. For instance, let's say you normally just send level 3 and below messages to your syslog server. In the 6.3 code, you now have the option to assign syslog ID 305011 and 305012 as level 3 messages as well. This way, you get the info you need without overwhelming your syslog server with info you don't want. Here is a link that discusses this config parameter on the PIX:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1028090

Good luck and let us know if you have any other questions concerning this or if this does not answer you question.

Scott