Just out of curiosity, why do you want to log *all* ICMP traffic through your PIX? At logging level 4, you should see logs for selected ICMP traffic that is characteristic of a reconnaissance attack.
Anyway, I hope you have a large disk(s) on your Syslog server :-) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2003 2:44 PM To: [EMAIL PROTECTED] Subject: RE: Logging ICMP on a PIX [7:73232] Tried debug icmp trace And logged that information to console/syslog debugging level? Martijn 6.2 http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.h tm#1028090 level Specify the syslog message level as a number or string. The level you specify means that you want that level and those less than the level. For example, if level is 3, syslog displays 0, 1, 2, and 3 messages. Possible number and string level values are: 0-emergencies-System unusable messages 1-alerts-Take immediate action 2-critical-Critical condition 3-errors-Error message 4-warnings-Warning message 5-notifications-Normal but significant condition 6-informational-Information message 7-debugging-Debug messages and log FTP commands and WWW URLs -----Oorspronkelijk bericht----- Van: Patrick Donlon [mailto:[EMAIL PROTECTED] Verzonden: woensdag 30 juli 2003 10:23 Aan: [EMAIL PROTECTED] Onderwerp: Logging ICMP on a PIX [7:73232] Do anyone know how to log ICMP traffic that is allowed through a PIX?? I can see denied ICMP no problem. I can log all my other traffic with logging trap debug set, but it can't see ICMP traffic passing through the firewall. Is this normally behaviour for 6.2(2)? Cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73275&t=73232 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
