12-08-2005 09:01 AM - edited 02-21-2020 12:34 AM
We are running 7.0(2) on a pair of PIX 525. We have a syslog server and we are demoing a system that analyizes syslog messages, so we need the PIX to send syslog messages to two hosts.
We defined two hosts with the following commands, but discovered that the PIX does not send messages to the second host. If we reverse the order, it still will only send messages to the first host listed.
logging host inside 10.2.1.10
logging host inside 10.2.1.19
Is it possible to send messages to more than one syslog server?
Thanks,
Daris
12-09-2005 12:47 AM
hi
I dont think its possible to have 2 different servers configured to collect the logs...
do refer what the supporting doc says..
"You can specify only one syslog output command in your configuration. PIX Firewall sends all messages to the single facility you choose.
The SYSLOG server must be on the inside network.
You can specify only one syslog output command in your configuration. PIX Firewall sends all messages to the single facility you choose.
The SYSLOG server must be on the inside network.
PIX Firewall sends SYSLOG messages only to a single file on the receiving system."
regds
12-09-2005 02:16 AM
Hello,
I completely disagree with the above statement:
1.)
The above mentioned
"one syslog output"
concerns the pix command
logging facility
The logging facility must be unique,
because there is no coupling between the
entries of
loggings hosts and the logging facility.
2.) multiple logging hosts:
It is possible to you use
"multiple logging host commands", compare the command
logging host
We use normally 2 logging hosts for Cisco Pix system.
3.) The logging host can be located on any interface
of a Cisco Pix, even at the ouside interface
or the interface with the lowest security level.
In the case of the interface with the security level value 0, this means normally the outside interface,
one gets a warning of the following form:
WARNING: interface outside security level is 0
This warning is reasonable, because such a
firewall logging architecture is insecure and
only appropriate for testing purposes.
Regards, Barbara
12-09-2005 09:30 AM
Barbara,
You're obviously correct. The information that spremkumar quoted was from the Pix 4.0 documentation. The reference under your point 2 is from the 7.0 command reference guide. I read it and it clearly states that you can configure multiple hosts. I wonder if this is a problem specific to 7.0(2).
We had it working in 5.2 Just noticed that it wasn't working in 7.
So, back to my question, why can't I get it to work? Anyone??
12-11-2005 08:35 AM
Hi,
This is a known bug in PIX 7.0(2) which was fixed in some of the interm releases.
(BUG CSCei68587)
Upgrading to version 7.0(4) fixed this for me.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: