Firewall Wizards mailing list archives
RE: Syslog set up
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Thu, 24 Jul 2003 08:45:00 -0400
I think a gung-ho approach is best in this situation; "Log 'em all, let the analyzer sort 'em out." :-) Anyway, to get the PIX logging, it's just:

!-- facility can be anything so long as it's unique to your syslog server
logging facility 20
!-- level 7 == debugging == most verbose
logging trap 7
!-- pick a victim, if no protocol/port is specified, UDP/514 is used
logging host inside 111.222.333.444 udp/1028
!-- Also, using TCP syslog can cause the PIX to freeze if it can't
!-- communicate with the syslog server - once the log buffer is full
!-- it stops passing traffic. Use UDP if at all possible.

PaulM
-----Original Message-----
I am looking for a document or suggestions on setting up what events to log on a Cisco PIX. I am not concerned about following our security policy yet; I just need a "Best Practice" type of document to get started from.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
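A receiving-side check for the configuration in the message above, as an added example that is not part of the original post: it decodes the syslog PRI value (facility * 8 + severity) so that only datagrams carrying facility 20 (local4 in syslog numbering) are accepted as PIX logs on the UDP port from the `logging host` line. The sample datagrams are constructed, and the function and variable names are hypothetical.

```python
import re
import socket

PIX_FACILITY = 20  # "logging facility 20" on the PIX; syslog facility 20 is local4
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
# <PRI> prefix, optional timestamp text, then the %PIX-<level>-<message id>: tag
PIX_RE = re.compile(r"^<(\d{1,3})>.*?%PIX-([0-7])-(\d{6}): (.*)$", re.S)

def parse_pix_datagram(data: bytes):
    """Return a dict for a PIX syslog datagram, or None if it is not one."""
    m = PIX_RE.match(data.decode("ascii", "replace").strip())
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": facility,
        "severity": severity,
        "level": SEVERITIES[severity],
        "msg_id": m.group(3),
        "text": m.group(4),
        "expected_facility": facility == PIX_FACILITY,
        "tag_matches_pri": int(m.group(2)) == severity,
    }

def listen(port=1028, bind="0.0.0.0"):
    """Receive on the UDP port from the 'logging host' line and print events."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (src, _) = sock.recvfrom(4096)
        event = parse_pix_datagram(data)
        if event and event["expected_facility"]:
            print(src, event["level"], event["msg_id"], event["text"])
        else:  # wrong facility or not PIX-formatted: surface it for review
            print(src, "UNEXPECTED", data[:80])

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    b"<166>%PIX-6-302013: Built outbound TCP connection 1 for outside:192.0.2.10/80",
    b"<167>%PIX-7-710005: UDP request discarded from 192.0.2.20/137 to outside:192.0.2.1/137",
    b"<134>%PIX-6-302013: Built outbound TCP connection 2 for outside:192.0.2.10/80",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_pix_datagram(sample))
```

The third sample carries facility 16 (local0), so it is flagged as not coming from the facility the PIX was configured to use.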