RE: [fw-wiz] Syslog set up

From: Melson, Paul (
Date: 07/24/03

  • Next message: User Scarr: "Re: [fw-wiz] Watchguard V60 capacity"
    To: "\"Doug Garrison\" <>" <>, <>
    Date: Thu, 24 Jul 2003 08:45:00 -0400

    I think a gung-ho approach is best in this situation; "Log 'em all, let the analyzer sort 'em out." :-)

    Anyway, to get the PIX logging, it's just:

    !-- facility can be anything so long as its unique to your syslog server
    logging facility 20
    !-- level 7 == debugging == most verbose
    logging trap 7
    !-- pick a victim, if no protocol/port is specified, UDP/514 is used
    logging host inside 111.222.333.444 udp/1028
    !-- Also, using TCP syslog can cause the PIX to freeze if it can't
    !-- communicate with the syslog server - once the log buffer is full
    !-- it stops passing traffic. Use UDP if at all possible.


    > -----Original Message-----
    > I am looking for a document or suggestions on setting up what events to log
    > on a Cisco PIX. I am not concerned about following our security policy yet
    > I just need a 'Best Practice" type of document to get started from.
    firewall-wizards mailing list

  • Next message: User Scarr: "Re: [fw-wiz] Watchguard V60 capacity"