Cisco Support Community
New Member

syslog and the pix

Do you need to set up an access list to enable syslog messages to a host on the inside interface? I'm not getting syslog messages on Kiwi. I have it set up for UDP on port 20000 and the PIX has the logging host inside 'x' udp/20000 command. In the buffer I see messages being logged, but they don't show up in Kiwi.

Test messages from Kiwi itself show up so I don't think it's the syslog config.

5 REPLIES
Silver

Re: syslog and the pix

Do a sh log on the PIX, and post the results here.

New Member

Re: syslog and the pix

I was being dumb. There is an intermediate pix between me and the pix in question, and I had to add an access list to the intermediate pix for it to permit the logging traffic. Doh!

All working now.

New Member

Re: syslog and the pix

Another question...

I'm logging two firewalls to PFSS on one server. But now I can't tell which firewall is logging what messages. Any way to easily do this?

New Member

Re: syslog and the pix

I think if you don't NAT the inside interface of your higher level PIX (using the nat 0 access-list xxx command) you should be able to differentiate between the two logs from each PIX's inside interface address.

Re: syslog and the pix

Hi,

Try using a different facility for each firewall:

logging facility 'facility'

Kind Regards,

Tom
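
An added example, not part of the original thread: once each firewall logs with its own facility, a collector can separate the two streams by decoding the `<PRI>` value at the start of every syslog datagram (PRI = facility × 8 + severity). The firewall labels, the facility-to-firewall mapping and the sample datagrams are constructed assumptions; PIX accepts facility numbers 16 to 23 (local0 to local7) and defaults to 20.

```python
import re
from collections import defaultdict

# Assumption: fw-a keeps the PIX default facility 20 (local4) and fw-b has
# been changed to facility 21 (local5). Both labels are hypothetical.
FACILITY_TO_FIREWALL = {20: "fw-a", 21: "fw-b"}

PRI_RE = re.compile(rb"^<(\d{1,3})>")
PIX_ID_RE = re.compile(rb"%PIX-(\d)-(\d{6})")

def classify(datagram: bytes) -> dict:
    """Decode facility/severity from the PRI header and name the firewall."""
    result = {"firewall": "unknown", "facility": None,
              "severity": None, "msg_id": None}
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # 191 = highest valid PRI (23*8+7)
        return result                    # malformed header: leave unclassified
    facility, severity = divmod(int(m.group(1)), 8)
    result.update(facility=facility, severity=severity,
                  firewall=FACILITY_TO_FIREWALL.get(facility, "unknown"))
    pix = PIX_ID_RE.search(datagram)
    if pix:
        result["msg_id"] = pix.group(2).decode()
    return result

def split_by_firewall(datagrams) -> dict:
    """Group PIX message IDs per firewall so each stream can be reviewed alone."""
    streams = defaultdict(list)
    for d in datagrams:
        info = classify(d)
        streams[info["firewall"]].append(info["msg_id"])
    return dict(streams)

# Constructed sample datagrams (not captured from real devices).
SAMPLES = [
    b"<166>%PIX-6-302013: Built outbound TCP connection (constructed)",  # 20*8+6
    b"<172>%PIX-4-106023: Deny tcp src outside (constructed)",           # 21*8+4
    b"<134>%PIX-6-302013: facility 16, not mapped (constructed)",        # 16*8+6
    b"no PRI header at all (constructed)",
]

if __name__ == "__main__":
    for name, ids in split_by_firewall(SAMPLES).items():
        print(name, ids)
```

Anything that lands in the "unknown" stream is worth checking: it means a device is sending with a facility nobody assigned, or the datagram is not valid syslog.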
