Cisco Support Community

New Member

What alert level shows the source and dest ports on denied packets?

Hello dear all,

I'm working with Pix IOS ver 5.3 and syslog servers. I need to know the source and destination ports of denied packets on the internal and external interfaces of the Pix.

I set the Pix alert level to informational, but it only shows me the source/dest IP and the protocol type (tcp, udp...).

Ex: Mar 12 14:24:37 xxx.xxx.xxx.xxx Mar 12 2003 09:16:16: %PIX-4-106019: IP packet from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx, protocol udp received from interface "inside" deny by access-group "CSM-acl-inside

What is the alert level that shows me the source and dest ports on denied packets?

The problem with the debug level is that it also shows me a lot of information that I don't need.

Thanks a lot for your help.

=======================================

Julio Jaime

Americas Zone Security Administrator

Accor Services

jjaime@accorservices.com.ar

=======================================

3 REPLIES
Cisco Employee

Re: What alert level shows the source and dest ports on denied pa

Syslog message 106019 was changed in a bunch of versions a while ago to include the port numbers (CSCdr68251). You can check the bug details here:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr68251&Submit=Search

to upgrade to a version that'll include those for you.

Silver

Re: What alert level shows the source and dest ports on denied pa

As previously stated, upgrade and you'll get the port numbers included. Another "trick" is to place a "deny ip any any" at the end of your access-list. Functionally, this doesn't affect traffic at all, as all ACLs have an implicit deny at the end. The good news is that the Pix will log denies for the ACL at level 4 rather than level 6 (or is it 7?). The Pix considers explicit ACL denies a higher priority than implicit denies.
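Both replies lead to the same operational outcome: once the denies carry port numbers (after the upgrade the first reply recommends, or via the explicit "deny ip any any" the second one describes), the syslog server still has to pull those ports out of the messages. The parser below is an added example, not code from this thread or from Cisco. It handles the port-less %PIX-4-106019 line exactly as shown in the question, and the %PIX-4-106023 "Deny proto src iface:ip/port dst iface:ip/port by access-group" form that later PIX/ASA releases emit for explicit ACL denies; that second format is assumed here rather than taken from the thread. The sample log lines, the ACL names and the RFC 5737 addresses are constructed.

```python
"""Parse PIX access-group deny syslog messages and report which records
carry source/destination ports (added example, not from the original thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

# %PIX-4-106019 as shown in the original post: IPs and protocol only, no ports.
# The access-group name may be unterminated, as in the truncated example.
RE_106019 = re.compile(
    r'%PIX-(?P<level>\d)-(?P<msg_id>106019): IP packet from (?P<src>[\d.]+) '
    r'to (?P<dst>[\d.]+), protocol (?P<proto>\w+) received from interface '
    r'"(?P<iface>[^"]+)" deny by access-group "(?P<acl>[^"]*)'
)

# %PIX-4-106023 as emitted by later PIX/ASA releases for explicit ACL denies
# (assumed format, not taken from the thread): interface, IP and port for both ends.
RE_106023 = re.compile(
    r'%PIX-(?P<level>\d)-(?P<msg_id>106023): Deny (?P<proto>\w+) '
    r'src (?P<siface>[^:]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<diface>[^:]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)


@dataclass
class Deny:
    level: int
    msg_id: str
    proto: str
    src: str
    dst: str
    acl: str
    sport: Optional[int] = None
    dport: Optional[int] = None

    def ports_known(self) -> bool:
        return self.sport is not None and self.dport is not None


def parse_deny(line: str) -> Optional[Deny]:
    """Return a Deny for 106019/106023 lines, None for any other message."""
    m = RE_106023.search(line)
    if m:
        return Deny(int(m['level']), m['msg_id'], m['proto'], m['src'], m['dst'],
                    m['acl'], int(m['sport']), int(m['dport']))
    m = RE_106019.search(line)
    if m:
        return Deny(int(m['level']), m['msg_id'], m['proto'], m['src'], m['dst'], m['acl'])
    return None


def parse_log(lines: Iterable[str]) -> List[Deny]:
    return [d for d in (parse_deny(line) for line in lines) if d is not None]


def missing_ports(events: Iterable[Deny]) -> List[Deny]:
    """Denies still logged in the old port-less 106019 form."""
    return [e for e in events if not e.ports_known()]


def port_counts(events: Iterable[Deny]) -> Counter:
    """Count denied (protocol, destination port) pairs where the port is known."""
    return Counter((e.proto, e.dport) for e in events if e.ports_known())


# Constructed sample (RFC 5737 addresses): line 1 mirrors the post's message format,
# lines 2 and 4 use the assumed 106023 form, line 3 is an unrelated level-6 message.
SAMPLE_LOG = [
    'Mar 12 2003 09:16:16: %PIX-4-106019: IP packet from 192.0.2.10 to 198.51.100.20, '
    'protocol udp received from interface "inside" deny by access-group "CSM-acl-inside"',
    'Mar 12 2003 09:16:17: %PIX-4-106023: Deny tcp src inside:192.0.2.10/51234 '
    'dst outside:198.51.100.20/445 by access-group "CSM-acl-inside"',
    'Mar 12 2003 09:16:18: %PIX-6-302013: Built outbound TCP connection 12345 for '
    'outside:198.51.100.20/80 (198.51.100.20/80) to inside:192.0.2.11/40001 (203.0.113.2/40001)',
    'Mar 12 2003 09:16:19: %PIX-4-106023: Deny udp src outside:203.0.113.7/40000 '
    'dst inside:192.0.2.5/161 by access-group "CSM-acl-outside"',
]

if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for e in evts:
        if e.ports_known():
            where = f"{e.src}:{e.sport} -> {e.dst}:{e.dport}"
        else:
            where = f"{e.src} -> {e.dst} (no ports)"
        print(f"level {e.level} {e.msg_id} {e.proto} {where} acl={e.acl}")
    print("denies without ports:", len(missing_ports(evts)))
    print("denied dst ports:", dict(port_counts(evts)))
```

Running it on the sample lists three denies, flags the single 106019 record as port-less, and tallies tcp/445 and udp/161 as the denied destination ports; the level-6 connection message is ignored. The `missing_ports` check is the useful one after the upgrade or ACL change: any 106019 records still appearing mean some denies are not yet giving you ports.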

New Member

Re: What alert level shows the source and dest ports on denied pa

Thanks very much.

I'm happy with your answers.

JJ
