RE: [fw-wiz] Syslog set up

• Previous message: parul devgan: "[fw-wiz] ip track through natting"
• Maybe in reply to: Doug Garrison: "[fw-wiz] Syslog set up"
• Next in thread: David Thiel: "Re: [fw-wiz] Syslog set up"
• Reply: David Thiel: "Re: [fw-wiz] Syslog set up"
• Reply: Mark Tinberg: "RE: [fw-wiz] Syslog set up"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "\"Doug Garrison\" <doug.garrison@tagtmi.com>" <IMCEANOTES-+22Doug+20Garrison+22+20+3Cdoug+2Egarrison+40tagtmi+2Ecom+3E@sequoianet.com>, <firewall-wizards@honor.icsalabs.com>
Date: Thu, 24 Jul 2003 08:45:00 -0400

I think a gung-ho approach is best in this situation; "Log 'em all, let the analyzer sort 'em out." :-)

Anyway, to get the PIX logging, it's just:

!-- facility can be anything so long as its unique to your syslog server
logging facility 20
!-- level 7 == debugging == most verbose
logging trap 7
!-- pick a victim, if no protocol/port is specified, UDP/514 is used
logging host inside 111.222.333.444 udp/1028
!-- Also, using TCP syslog can cause the PIX to freeze if it can't
!-- communicate with the syslog server - once the log buffer is full
!-- it stops passing traffic. Use UDP if at all possible.

PaulM

> -----Original Message-----
> I am looking for a document or suggestions on setting up what events to log
> on a Cisco PIX. I am not concerned about following our security policy yet
> I just need a 'Best Practice" type of document to get started from.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: parul devgan: "[fw-wiz] ip track through natting"
• Maybe in reply to: Doug Garrison: "[fw-wiz] Syslog set up"
• Next in thread: David Thiel: "Re: [fw-wiz] Syslog set up"
• Reply: David Thiel: "Re: [fw-wiz] Syslog set up"
• Reply: Mark Tinberg: "RE: [fw-wiz] Syslog set up"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]