[fw-wiz] Appropriate PIX logging level
- From: "Ravdal, Stig" <SRavdal@xxxxxxxxxxx>
- Date: Fri, 7 Apr 2006 09:31:20 -0600
I'm having a discussion with some of our network engineers about the
appropriate level of logging on a Cisco PIX firewall. The major
complaint I get for increasing the logging level is because of lack of
storage. Are there standard or best practice references that I can
bring to the table?
I'm expecting to get some variation in responses from this post. What
may be helpful to me is to understand what information is being lost by
going to the next lower level.
At a minimum I think we should be logging and analyzing: date/time,
interface(s), src/dst IP, src/dst port, proto, allow/deny, rule applied
(, other?). Does that seem right? What about SYN/ACK and so on?
Based on the information I believe we should be logging what does the
logging level on a PIX have to be set to?
firewall-wizards mailing list
- Prev by Date: Re: [fw-wiz] Assessment Of GoToMyPC vs. Network Security
- Next by Date: Fwd: [fw-wiz] Assessment Of GoToMyPC vs. Network Security
- Previous by thread: [fw-wiz] Access to firewalled server via dhcp'd internet connection
- Next by thread: Re: [fw-wiz] Appropriate PIX logging level