03-12-2003 09:05 AM - edited 03-09-2019 02:28 AM
Hello dear all,
I'm working with Pix IOS ver 5.3 and syslog servers. I need to know the source and destination ports of denied packets on the internal and external interfaces of the Pix.
I set the Pix alert level to informational, but it only shows me the source/dest IP and the protocol type (tcp, udp...).
Ex: Mar 12 14:24:37 xxx.xxx.xxx.xxx Mar 12 2003 09:16:16: %PIX-4-106019: IP packet from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx, protocol udp received from interface "inside" deny by access-group "CSM-acl-inside
What is the alert level that shows me the source and dest ports on denied packets?
The problem with the debug level is that it also shows me a lot of information that I do not need.
Thanks a lot for your help.
=======================================
Julio Jaime
Americas Zone Security Administrator
Accor Services
=======================================
03-12-2003 03:36 PM
Syslog message 106019 was changed in a bunch of versions a while ago to include the port numbers (CSCdr68251). You can check the bug details here:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr68251&Submit=Search
to upgrade to a version that'll include those for you.
03-12-2003 08:41 PM
As previously stated, upgrade and you'll get the port numbers included. Another "trick" is to place a "deny ip any any" at the end of your access-list. Functionally, this doesn't affect traffic any as all ACLs have an implicit deny at the end. The good news is that the Pix will log denies for the ACL at level 4 rather than level 6. (or is it 7?) The Pix considers explicit ACL denies a higher priority than implicit denies.
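To make the port question and the explicit-deny advice concrete on the syslog side, here is an added example (not code from this thread or from Cisco) that parses PIX deny messages as they arrive at a syslog server. It handles the %PIX-4-106019 shape quoted in the question, which carries no ports, and the %PIX-4-106023 shape that later PIX software emits for explicit ACL denies; the 106023 layout (`Deny proto src iface:addr/port dst iface:addr/port by access-group "acl"`) is my assumption from later PIX documentation, not something stated in the thread. All sample lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample syslog lines (not captured from a real device).
SAMPLE_LINES: List[str] = [
    # Same shape as the 106019 line quoted in the question: no port numbers.
    'Mar 12 2003 09:16:16: %PIX-4-106019: IP packet from 10.0.0.5 to 192.168.1.20, '
    'protocol udp received from interface "inside" deny by access-group "CSM-acl-inside"',
    # Assumed 106023 shape (explicit ACL deny, level 4): ports present on both ends.
    'Mar 12 2003 09:17:02: %PIX-4-106023: Deny tcp src inside:10.0.0.5/51234 '
    'dst outside:203.0.113.7/445 by access-group "CSM-acl-inside"',
    # A constructed non-deny line that the parser should ignore.
    'Mar 12 2003 09:17:05: %PIX-6-000000: constructed informational message, not a deny',
]

DENY_106019 = re.compile(
    r'%PIX-(?P<sev>\d)-106019: IP packet from (?P<src>[\d.]+) to (?P<dst>[\d.]+), '
    r'protocol (?P<proto>\w+) received from interface "(?P<iface>[^"]+)" '
    r'deny by access-group "(?P<acl>[^"]+)"'
)
DENY_106023 = re.compile(
    r'%PIX-(?P<sev>\d)-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)


@dataclass
class DeniedPacket:
    msg_id: str
    severity: int
    proto: str
    src: str
    dst: str
    acl: str
    sport: Optional[int] = None  # None when the message format carries no ports
    dport: Optional[int] = None

    @property
    def has_ports(self) -> bool:
        return self.sport is not None and self.dport is not None


def parse_deny(line: str) -> Optional[DeniedPacket]:
    """Return a DeniedPacket for a 106019/106023 line, or None for anything else."""
    m = DENY_106019.search(line)
    if m:
        return DeniedPacket("106019", int(m["sev"]), m["proto"],
                            m["src"], m["dst"], m["acl"])
    m = DENY_106023.search(line)
    if m:
        return DeniedPacket("106023", int(m["sev"]), m["proto"],
                            m["src"], m["dst"], m["acl"],
                            int(m["sport"]), int(m["dport"]))
    return None


def summarize(lines: List[str]) -> Dict[Tuple[str, str, Optional[int]], int]:
    """Count denies per (protocol, destination, destination port).

    The port key is None for messages that do not include ports, which makes it
    easy to see how much of the log is still coming from the port-less format.
    """
    counts: Dict[Tuple[str, str, Optional[int]], int] = {}
    for line in lines:
        pkt = parse_deny(line)
        if pkt is None:
            continue
        key = (pkt.proto, pkt.dst, pkt.dport)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_deny(line))
    print(summarize(SAMPLE_LINES))
```

Run against a real syslog file, the `None` port buckets in the summary show which denies still come from the old 106019 format, while the 106023 entries give the destination ports the question asked for. If your device emits a trailing hit-count field after the access-group name, `search()` still matches because the pattern is not anchored to the end of the line.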
03-13-2003 05:28 AM
Thanks very much.
I'm happy with your answers.
JJ