Cisco Support Community
New Member

PIX and reporting inbound connections

One of my customers asked me if there is a way for the PIX to report connection information about all inbound connection requests to his web server and e-mail server. He would like to log all inbound traffic requests. Is this possible?

2 REPLIES
New Member

Re: PIX and reporting inbound connections

You can use the 'show local-host' command to see, in real time, the active connections to a local host and the status of each connection. To log sessions, you need to set up syslogging (information level) and use a third-party application to extract specific information from the syslog file.

New Member

Re: PIX and reporting inbound connections

Henry...I posted this in another thread with a similar topic. Give this a try...

I was frustrated by this as well. While you can use "Informational" level logging you end up with a signal-to-noise ratio that is very poor.

My solution was to add an access-list statement on the edge router on the outside interface of the PIX that looks something like...

access-list 105 permit tcp any host eq 22 log (for example)

This way the router allows the connection AND logs it like...

Sep 6 09:55:16 78: %SEC-6-IPACCESSLOGP: list 105 permitted tcp (29059) -> (22), 1 packet

You only log the connections you care about and then you can set the PIX logging level back where it should be.

Hope this helps. It sure beats sorting through all those "informational" logs!

Pete
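
An added example, not part of the original thread: a short Python script that pulls connection details out of router ACL log lines in the %SEC-6-IPACCESSLOGP format shown above and totals them per source, destination and port. The sample log lines and all addresses in them are constructed placeholders, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in the IOS %SEC-6-IPACCESSLOGP format; addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
Sep 6 09:55:16 78: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 203.0.113.7(29059) -> 192.0.2.10(22), 1 packet
Sep 6 09:56:02 79: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 203.0.113.7(29101) -> 192.0.2.10(22), 1 packet
Sep 6 09:58:40 80: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 198.51.100.23(4410) -> 192.0.2.25(25), 3 packets
Sep 6 10:01:11 81: %SEC-6-IPACCESSLOGP: list 105 denied tcp 198.51.100.23(4411) -> 192.0.2.10(23), 1 packet
Sep 6 10:01:12 82: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

ACL_HIT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s.*%SEC-6-IPACCESSLOGP: "
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<packets>\d+) packets?"
)

def parse_acl_hits(text):
    """Return one dict per ACL log line; other syslog messages are skipped."""
    hits = []
    for line in text.splitlines():
        m = ACL_HIT.search(line)
        if m:
            hit = m.groupdict()
            for key in ("sport", "dport", "packets"):
                hit[key] = int(hit[key])
            hits.append(hit)
    return hits

def inbound_summary(hits, action="permitted"):
    """Sum logged packets (not sessions) per (source, destination, dest port)."""
    totals = Counter()
    for h in hits:
        if h["action"] == action:
            totals[(h["src"], h["dst"], h["dport"])] += h["packets"]
    return totals

if __name__ == "__main__":
    for (src, dst, dport), n in inbound_summary(parse_acl_hits(SAMPLE_LOG)).most_common():
        print(f"{src} -> {dst}:{dport}  {n} packet(s)")
```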
