Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix Firewall Syslog Server on Windows NT

Can someone direct me to an online document explaing setting up a Win NT box to receive syslog messages frm pix 6.2(2).

Thanks

vik

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Pix Firewall Syslog Server on Windows NT

Don't think there's any documentation specifically on this.

You'll need some syslog software, Kiwi Syslog software is free and quite good, you can get it from www.kiwisyslog.com.

Load it up then set up your PIX to send logging messagaes to it, that's about all there is to it. Logging commands on the PIX can be found here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1028090

I would suggest you use UDP syslogging rather than TCP. If you use TCP and the PIX is unable to contact the syslog server for whatever reason, the PIX by design will stop all traffic flowing through it (the theory is that if you can't log it, don't allow it).

4 REPLIES
Cisco Employee

Re: Pix Firewall Syslog Server on Windows NT

Don't think there's any documentation specifically on this.

You'll need some syslog software, Kiwi Syslog software is free and quite good, you can get it from www.kiwisyslog.com.

Load it up then set up your PIX to send logging messagaes to it, that's about all there is to it. Logging commands on the PIX can be found here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1028090

I would suggest you use UDP syslogging rather than TCP. If you use TCP and the PIX is unable to contact the syslog server for whatever reason, the PIX by design will stop all traffic flowing through it (the theory is that if you can't log it, don't allow it).

New Member

Re: Pix Firewall Syslog Server on Windows NT

Thanks! I am able to get the log messgaes.

I have the following logging configuaration:

logging on

logging timestamp

logging monitor errors

logging buffered debugging

logging trap debugging

logging host inside vik

I want to receive only errors, critical , alert and emergency levels. Can you tell me how to do it. Right now I am getting info adn notice as well. I thought we could do so by "logging monitor security-level" command which seems ok to me.

Secondly, what exactly are these commands doing:

logging buffered debugging

logging trap debugging

Once again, thanks for your advice and time.

vik

Cisco Employee

Re: Pix Firewall Syslog Server on Windows NT

The "logging trap" command is the one that specifies what level of errors to send to the syslog server, so do:

> logging trap errors

"logging monitor" defines the syslog output sent to any Telnet windows you have open.

"logging buffered debugging" says send all syslog messages from debugging up (which is every level) to the internal PIX buffer, which you can then look at with the "show logging" command.

"logging trap debugging" says send all syslog messages from debugging up (which is every level) to the syslog server. As I said above, set this to "errors" level to only send errors, critical, alert and emergency levels to the syslog server.

New Member

Re: Pix Firewall Syslog Server on Windows NT

Thanks, Now I am only getting errors. But when I do logging monitor I get teh following message:

Pix-Admin1(config)# logging monitor

Usage: [no] logging on

[no] logging timestamp

[no] logging standby

[no] logging host [] [tcp|udp/port#]

[no] logging console

[no] logging buffered

[no] logging monitor

[no] logging history

[no] logging trap

[no] logging message

[no] logging facility

logging queue

If I do:

Pix-Admin1(config)# logging monitor debugging

Pix-Admin1(config)#

I dont see any messages sent to my telnet window. But I cna see the messages when I do show logging which as you said are the buffered syslog messages. Please comment on how to get messages on the telnet window as I am working?

112
Views
0
Helpful
4
Replies