RE: [fw-wiz] Syslog set up

From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 07/24/03

    To: "Doug Garrison" <doug.garrison@tagtmi.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 24 Jul 2003 08:45:00 -0400
    
    

    I think a gung-ho approach is best in this situation; "Log 'em all, let the analyzer sort 'em out." :-)

    Anyway, to get the PIX logging, it's just:

    !-- facility can be anything so long as it's unique to your syslog server
    logging facility 20
    !-- level 7 == debugging == most verbose
    logging trap 7
    !-- pick a victim, if no protocol/port is specified, UDP/514 is used
    logging host inside 111.222.333.444 udp/1028
    !-- Also, using TCP syslog can cause the PIX to freeze if it can't
    !-- communicate with the syslog server - once the log buffer is full
    !-- it stops passing traffic. Use UDP if at all possible.

    PaulM

    > -----Original Message-----
    > I am looking for a document or suggestions on setting up what events to log
    > on a Cisco PIX. I am not concerned about following our security policy yet;
    > I just need a "Best Practice" type of document to get started from.
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
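
Added example, not part of the original message: a small Python receiver for the UDP port in the `logging host` line that decodes each datagram's syslog priority and checks it against facility 20 and the `%PIX-level-id` tag. It assumes the standard syslog encoding PRI = facility*8 + severity; the function names and the sample datagrams are constructed for this example.

```python
import re
import socket

# PIX names for syslog severities 0..7 ("logging trap 7" == debugging)
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
EXPECTED_FACILITY = 20  # matches "logging facility 20" (syslog local4)

# <PRI>[optional timestamp]%PIX-<level>-<message id>: <text>
PIX_RE = re.compile(r"^<(\d{1,3})>.*?%PIX-([0-7])-(\d+): (.*)$", re.S)

def parse_pix(datagram: bytes) -> dict:
    """Decode one datagram; raise ValueError if it is not a PIX message."""
    m = PIX_RE.match(datagram.decode("ascii", "replace").strip())
    if not m or int(m.group(1)) > 191:  # 191 = 23*8+7, highest valid PRI
        raise ValueError("not a PIX syslog message")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility*8 + severity
    return {
        "facility": facility,
        "facility_ok": facility == EXPECTED_FACILITY,
        "severity": SEVERITIES[severity],
        # the level inside %PIX-n-... should agree with the PRI header
        "severity_consistent": severity == int(m.group(2)),
        "msg_id": m.group(3),
        "text": m.group(4),
    }

def listen(port: int = 1028, bind: str = "0.0.0.0") -> None:
    """Receive on the UDP port from the 'logging host' line and print records."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (src, _) = sock.recvfrom(4096)
        try:
            rec = parse_pix(data)
        except ValueError:
            print(f"{src}: unparsed {data[:60]!r}")
            continue
        note = "" if rec["facility_ok"] else " [unexpected facility]"
        print(f"{src} {rec['severity']:<13} {rec['msg_id']} {rec['text']}{note}")

# Constructed sample datagrams (not captured traffic)
SAMPLES = [
    b"<166>%PIX-6-302013: Built outbound TCP connection (constructed text)",
    b"<167>Jul 24 2003 08:45:00: %PIX-7-609001: Built local-host (constructed text)",
    b"<134>%PIX-6-302013: same message sent with facility 16 instead of 20",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_pix(sample))
```

Call `listen()` on the syslog host to watch live datagrams; a record flagged `[unexpected facility]` means another device shares the port or the PIX facility was changed.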