Community Member

PIX 7 Logging host issues

We are running 7.0(2) on a pair of PIX 525. We have a syslog server and we are demoing a system that analyzes syslog messages, so we need the PIX to send syslog messages to two hosts.

We defined two hosts with the following commands, but discovered that the PIX does not send messages to the second host. If we reverse the order, it still will only send messages to the first host listed.

logging host inside 10.2.1.10

logging host inside 10.2.1.19

Is it possible to send messages to more than one syslog server?

Thanks,

Daris

4 REPLIES

Re: PIX 7 Logging host issues

hi

I don't think it's possible to have 2 different servers configured to collect the logs...

Do refer to what the supporting doc says..

"You can specify only one syslog output command in your configuration. PIX Firewall sends all messages to the single facility you choose.

The SYSLOG server must be on the inside network.

PIX Firewall sends SYSLOG messages only to a single file on the receiving system."

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00801162ec.html#1861

regds

Community Member

Re: PIX 7 Logging host issues

Hello,

I completely disagree with the above statement:

1.) The above mentioned "one syslog output" concerns the PIX command

logging facility

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008045277d.html#wp1585230

The logging facility must be unique, because there is no coupling between the entries of logging hosts and the logging facility.

2.) Multiple logging hosts:

It is possible to use "multiple logging host commands", compare the command

logging host

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008045277d.html

We normally use 2 logging hosts for a Cisco PIX system.

3.) The logging host can be located on any interface of a Cisco PIX, even on the outside interface or the interface with the lowest security level.

In the case of the interface with the security level value 0, which normally means the outside interface, one gets a warning of the following form:

WARNING: interface outside security level is 0

This warning is reasonable, because such a firewall logging architecture is insecure and only appropriate for testing purposes.

Regards, Barbara

Community Member

Re: PIX 7 Logging host issues

Barbara,

You're obviously correct. The information that spremkumar quoted was from the Pix 4.0 documentation. The reference under your point 2 is from the 7.0 command reference guide. I read it and it clearly states that you can configure multiple hosts. I wonder if this is a problem specific to 7.0(2).

We had it working in 5.2. Just noticed that it wasn't working in 7.

So, back to my question, why can't I get it to work? Anyone??

Community Member

Re: PIX 7 Logging host issues

Hi,

This is a known bug in PIX 7.0(2) which was fixed in some of the interim releases.

(BUG CSCei68587)

Upgrading to version 7.0(4) fixed this for me.
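Added example, not posted by anyone in this thread: a small config audit that lists the `logging host` entries of a PIX 7.x configuration and flags any that sit behind a security-level 0 interface, the case the warning quoted above is about. The interface blocks and the 192.0.2.50 host are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed PIX 7.x fragment; only the two "inside" hosts come from the thread.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
!
interface Ethernet1
 nameif inside
 security-level 100
!
logging host inside 10.2.1.10
logging host inside 10.2.1.19
logging host outside 192.0.2.50
"""

def interface_levels(config):
    """Map each nameif to the security-level set in its interface block."""
    levels, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            name = None  # a non-indented line ends the previous block
        m = re.match(r"\s+nameif\s+(\S+)", line)
        if m:
            name = m.group(1)
        m = re.match(r"\s+security-level\s+(\d+)", line)
        if m and name:
            levels[name] = int(m.group(1))
    return levels

def audit_logging_hosts(config):
    """Return (hosts, findings) for the 'logging host' lines in config."""
    levels = interface_levels(config)
    hosts = re.findall(r"^logging host (\S+) (\S+)", config, re.M)
    findings = []
    if len(hosts) < 2:
        findings.append("fewer than two logging hosts configured")
    for ifname, ip in hosts:
        level = levels.get(ifname)
        if level is None:
            findings.append(f"{ip}: interface '{ifname}' not defined")
        elif level == 0:
            findings.append(f"{ip}: reached via '{ifname}' (security level 0)")
    return hosts, findings

if __name__ == "__main__":
    print(audit_logging_hosts(SAMPLE_CONFIG))
```

A clean result only shows what is configured. On the 7.0(2) release discussed in this thread both hosts were accepted in the configuration while only the first received messages, so delivery still has to be confirmed on each collector.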
