Firewall Wizards mailing list archives

RE: Syslog set up


From: "Melson, Paul" <PMelson () sequoianet com>
Date: Thu, 24 Jul 2003 08:45:00 -0400

I think a gung-ho approach is best in this situation; "Log 'em all, let the analyzer sort 'em out."  :-)

Anyway, to get the PIX logging, it's just:

!-- facility can be anything so long as it's unique to your syslog server
logging facility 20
!-- level 7 == debugging == most verbose
logging trap 7
!-- pick a victim, if no protocol/port is specified, UDP/514 is used
logging host inside 111.222.333.444 udp/1028
!-- Also, using TCP syslog can cause the PIX to freeze if it can't
!-- communicate with the syslog server - once the log buffer is full
!-- it stops passing traffic.  Use UDP if at all possible.

PaulM


 -----Original Message-----
I am looking for a document or suggestions on setting up what events to log
on a Cisco PIX.  I am not concerned about following our security policy yet;
I just need a "Best Practice" type of document to get started from.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
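
Added example (not part of the post above, and not Cisco code): a small analyzer-side decoder for what that configuration sends, checking that each datagram carries facility 20 and a severity matching its %PIX level tag. It assumes every message has the standard <PRI> header followed by a %PIX-level-id: tag; the function names and sample datagrams are constructed for illustration.

```python
import re
from collections import Counter

EXPECTED_FACILITY = 20  # "logging facility 20" in the post (syslog local4)
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notification", "informational", "debugging"]
# <PRI>, optional timestamp/host text, then %PIX-<level>-<message id>: text
PIX_RE = re.compile(r"^<(\d{1,3})>.*?%PIX-([0-7])-(\d+): (.*)$", re.S)

def parse_pix(datagram: bytes) -> dict:
    """Decode one syslog datagram; raise ValueError if it is not PIX syslog."""
    text = datagram.decode("ascii", errors="replace").rstrip("\r\n\x00")
    m = PIX_RE.match(text)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("not a PIX syslog message: %r" % text[:40])
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility*8 + severity
    return {"facility": facility, "severity": severity,
            "level": int(m.group(2)), "msg_id": m.group(3), "text": m.group(4)}

def summarize(datagrams):
    """Count messages per severity and collect the ones that need a look."""
    by_severity, suspect = Counter(), []
    for raw in datagrams:
        try:
            msg = parse_pix(raw)
        except ValueError:
            suspect.append(("unparsed", raw))
            continue
        by_severity[SEVERITY_NAMES[msg["severity"]]] += 1
        if msg["facility"] != EXPECTED_FACILITY:
            suspect.append(("facility", raw))        # not the facility configured above
        elif msg["level"] != msg["severity"]:
            suspect.append(("level-mismatch", raw))  # PRI and %PIX tag disagree
    return by_severity, suspect

# Constructed sample datagrams (addresses are documentation ranges).
SAMPLES = [
    b"<166>%PIX-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/80",
    b"<167>%PIX-7-710005: UDP request discarded from 10.0.0.9/137 to inside:10.0.0.255/137",
    b"<134>%PIX-6-302013: Built outbound TCP connection 102 for outside:192.0.2.11/80",
    b"<13>test message from logger",
]

if __name__ == "__main__":
    counts, suspect = summarize(SAMPLES)
    print(dict(counts), [reason for reason, _ in suspect])
```

With "logging trap 7" every severity from 0 to 7 arrives, so the PRI values seen for facility 20 run from 160 to 167.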

