03-01-2004 09:05 AM - edited 02-20-2020 11:15 PM
Hello,
We have placed a 515E on our network and we want to be able to log who was what external IP address(or PAT port) when. It seems like a feature that everyone would use but for the life of me I can not figure it out. Have setup syslog but it does not help, nothing or to verbose(Every TCP connection logged). Figured it is something simple that I am over looking, Tryed a SNMP walk but could not find this data this way either. Could make a cronjob user that can only get the xlate but I am hoping there is a better way. Thanks for any help you can give...Scott
03-01-2004 01:16 PM
Hi,
SYSLOGS, with probably a logging level of 6, or 7. would give you information about the connections being made from what local to what global address.
thanks
Nadeem
03-02-2004 06:20 AM
My guess is that you are looking for syslog messages 305011 and 305012 (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm).
As Nadeem mentioned, these are level 6 messages in the 6.3 code. The problem with logging at level 6 (as you have seen) is that you get a *lot* of other info as well. If you are only interested in getting these 2 messages from the level 6 syslogs, you can change the default level they are given in the 6.3 code. For instance, let's say you normally just send level 3 and below messages to your syslog server. In the 6.3 code, you now have the option to assign syslog ID 305011 and 305012 as level 3 messages as well. This way, you get the info you need without overwhelming your syslog server with info you don't want. Here is a link that discusses this config parameter on the PIX:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1028090
Good luck and let us know if you have any other questions concerning this or if this does not answer you question.
Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide