Educause Security Discussion mailing list archives

Re: Cisco Pix firewall question

From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Fri, 7 Aug 2009 14:45:08 -0400

I believe the following table still applies:



System unusable                                             0

Immediate action required                          1

Critical condition                                               2

Error conditions                                                3

Warning conditions                                         4

Normal but significant conditions              5

Informational messages                               6

Debugging messages                                     7



Configurations fall under 5 and authentication under 6,



%PIX-6-113004: AAA user authentication Successful : server =  10.1.1.1 :
user = joe

%PIX-5-111008: User 'joe' executed the 'configure terminal' command.

%PIX-5-111008: User 'joe' executed the 'no shun 10.3.3.3' command



Also, DENY falls under 4 and Built and Teardown connections under 6.



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
Sent: Friday, August 07, 2009 1:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cisco Pix firewall question





Is anyone familiar as to what logging level is associated with changes (
add,modify,delete ) to the Firewall rules within PIX ? We essentially want
to capture a minimum of this level via syslog redirection.



Thanks,

Anand

Attachment: smime.p7s
Description:

Current thread:

Cisco Pix firewall question Anand S Malwade (Aug 07)
- <Possible follow-ups>
- Re: Cisco Pix firewall question Kevin Hayes (Aug 07)
- Re: Cisco Pix firewall question Di Fabio, Andrea (Aug 07)