Firewall Wizards mailing list archives
pix 501 logging question
From: NI <firewall-wizards () konadogs net>
Date: Wed, 2 Mar 2005 17:27:35 -1000
Wizards,

I need some clarification on logging via syslog with a PIX-501 running 6.3.(3). I have an ACL called "inbound" bound to the outside interface. When I append the following rule to "inbound", for some reason unsolicited traffic isn't logged:

    access-list inbound deny ip any any log 4

The other elements which permit traffic seem to work as advertised. For example, I have this rule to permit access to my mail servers:

    access-list inbound permit tcp any object-group mx_hosts eq smtp log 4

and connections are logged to syslog that look like this:

    Mar 2 12:47:14 192.xxx.xxx.xxx Mar 02 2005 12:47:14: %PIX-4-106100: access-list inbound permitted tcp outside/205.206.xxx.xxx(27652) -> inside/66.91.xxx.xxx(25) hit-cnt 2 (300-second interval)

Any suggestions on how to properly configure the PIX to log unsolicited tcp/udp/icmp traffic on the outside (security0) interface? I would like to see PIX-4-106100 messages for the denied traffic.

Thanks,
Nate
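An added example, not part of the original post: a small Python parser for the %PIX-4-106100 line quoted above that totals hit counts per ACL and action and reports ACLs that log permits but no denies, which is the symptom described. The function names and sample lines are constructed for illustration, and the code assumes denied entries use the same layout with "denied" in place of "permitted".

```python
import re
from collections import Counter

# Field layout taken from the %PIX-4-106100 line quoted in the post.
# Assumption: deny entries differ only in the action keyword.
MSG_106100 = re.compile(
    r"%PIX-(?P<level>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^\s(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^\s(]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

# Constructed sample lines using documentation addresses, not real logs.
SAMPLE = """\
Mar 2 12:47:14 192.0.2.1 Mar 02 2005 12:47:14: %PIX-4-106100: access-list inbound permitted tcp outside/198.51.100.7(27652) -> inside/203.0.113.25(25) hit-cnt 2 (300-second interval)
Mar 2 12:48:02 192.0.2.1 Mar 02 2005 12:48:02: %PIX-4-106100: access-list inbound denied tcp outside/198.51.100.9(4411) -> inside/203.0.113.25(445) hit-cnt 1 (first hit)
Mar 2 12:48:30 192.0.2.1 Mar 02 2005 12:48:30: %PIX-4-106100: access-list inbound denied udp outside/198.51.100.9(1026) -> inside/203.0.113.30(1434) hit-cnt 3 (300-second interval)
Mar 2 12:49:00 192.0.2.1 some other syslog line that is not a 106100 message
"""

def parse_106100(line):
    """Return the fields of a 106100 message as a dict, or None if no match."""
    m = MSG_106100.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("level", "sport", "dport", "hits"):
        rec[key] = int(rec[key])
    return rec

def summarize(text):
    """Sum hit-cnt per (acl, action) over all 106100 lines in text."""
    totals = Counter()
    for line in text.splitlines():
        rec = parse_106100(line)
        if rec:
            totals[(rec["acl"], rec["action"])] += rec["hits"]
    return totals

def acls_without_denies(text):
    """ACLs that logged permits but never a deny in the given log text."""
    totals = summarize(text)
    permitted = {acl for (acl, action) in totals if action == "permitted"}
    denied = {acl for (acl, action) in totals if action == "denied"}
    return permitted - denied

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)), acls_without_denies(SAMPLE))
```

Masked addresses such as `205.206.xxx.xxx` still parse, because the address field is matched as any run of characters up to the opening parenthesis.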