
PIX 7 Logging host issues

dbouthillier
Level 1

We are running 7.0(2) on a pair of PIX 525. We have a syslog server and we are demoing a system that analyzes syslog messages, so we need the PIX to send syslog messages to two hosts.

We defined two hosts with the following commands, but discovered that the PIX does not send messages to the second host. If we reverse the order, it still will only send messages to the first host listed.

logging host inside 10.2.1.10

logging host inside 10.2.1.19

Is it possible to send messages to more than one syslog server?

Thanks,

Daris

4 Replies

spremkumar
Level 9

Hi,

I don't think it's possible to have 2 different servers configured to collect the logs...

Do refer to what the supporting doc says..

"You can specify only one syslog output command in your configuration. PIX Firewall sends all messages to the single facility you choose.

The SYSLOG server must be on the inside network.

PIX Firewall sends SYSLOG messages only to a single file on the receiving system."

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00801162ec.html#1861

regds

Hello,

I completely disagree with the above statement:

1.) The above mentioned "one syslog output" concerns the pix command

logging facility

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008045277d.html#wp1585230

The logging facility must be unique, because there is no coupling between the entries of logging hosts and the logging facility.

2.) Multiple logging hosts:

It is possible to use "multiple logging host commands"; compare the command

logging host

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008045277d.html

We normally use 2 logging hosts for a Cisco Pix system.

3.) The logging host can be located on any interface of a Cisco Pix, even at the outside interface or the interface with the lowest security level.

In the case of the interface with the security level value 0, which normally means the outside interface, one gets a warning of the following form:

WARNING: interface outside security level is 0

This warning is reasonable, because such a firewall logging architecture is insecure and only appropriate for testing purposes.

Regards, Barbara
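
A configuration check for points 2 and 3 of the reply above, as an added example that is not part of the original thread: it lists every `logging host` entry in a PIX 7.x-style configuration and flags any that is reached through a security-level 0 interface. The sample configuration, the 192.0.2.50 address and the function name `audit_logging` are constructed for illustration.

```python
import re

# Constructed PIX 7.x-style configuration excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
logging host inside 10.2.1.10
logging host inside 10.2.1.19
logging host outside 192.0.2.50
"""

def audit_logging(config):
    """Return (hosts, findings) for the 'logging host' lines in a config."""
    levels = {}      # nameif -> security level
    hosts = []       # (interface name, collector IP) in config order
    findings = []
    current = None   # nameif of the interface block being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = None                      # new block, nameif not seen yet
        elif m := re.fullmatch(r"nameif (\S+)", line):
            current = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and current:
            levels[current] = int(m.group(1))
        elif m := re.match(r"logging host (\S+) (\S+)", line):
            hosts.append((m.group(1), m.group(2)))
    for ifname, ip in hosts:
        if ifname not in levels:
            findings.append(f"{ip}: interface '{ifname}' has no nameif/security-level")
        elif levels[ifname] == 0:
            # Same condition the PIX warns about when the command is entered.
            findings.append(f"{ip}: reached via '{ifname}' (security level 0)")
    return hosts, findings

if __name__ == "__main__":
    hosts, findings = audit_logging(SAMPLE_CONFIG)
    print(f"{len(hosts)} logging host(s):", hosts)
    for finding in findings:
        print("FINDING:", finding)
```
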

Barbara,

You're obviously correct. The information that spremkumar quoted was from the Pix 4.0 documentation. The reference under your point 2 is from the 7.0 command reference guide. I read it and it clearly states that you can configure multiple hosts. I wonder if this is a problem specific to 7.0(2).

We had it working in 5.2. Just noticed that it wasn't working in 7.

So, back to my question, why can't I get it to work? Anyone??

mikkoss
Level 1

Hi,

This is a known bug in PIX 7.0(2) which was fixed in some of the interim releases.

(BUG CSCei68587)

Upgrading to version 7.0(4) fixed this for me.
