just do "logging buffer debug" and clear the buffers immediately before your testing. You can alter the logging queue size if necessary.
Bikespace ""Patrick Donlon"" wrote in message news:[EMAIL PROTECTED] > I don't really want to see all ICMP traffic as it makes me cross eyed, I can > filter it on the syslog server though (if the disk isn't full). It's just > that when trouble shooting connections, e.g.. a vpn to an external company, > icmp is normally allowed through so it would be nice to see it when setting > up a connection. > > ""George Murage"" <> wrote in message > news:[EMAIL PROTECTED] > > Just out of curiosity, why do you want to log *all* ICMP traffic through > > your PIX? At logging level 4, you should see logs for selected ICMP > traffic > > that is characteristic of a reconnaissance attack. > > > > Anyway, I hope you have a large disk(s) on your Syslog server :-) > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Thursday, July 31, 2003 2:44 PM > > To: [EMAIL PROTECTED] > > Subject: RE: Logging ICMP on a PIX [7:73232] > > > > Tried > > > > debug icmp trace > > > > And logged that information to console/syslog debugging level? > > > > Martijn > > > > 6.2 > > > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.h > > tm#1028090 > > level > > Specify the syslog message level as a number or string. The level you > > specify means that you want that level and those less than the level. For > > example, if level is 3, syslog displays 0, 1, 2, and 3 messages. Possible > > number and string level values are: > > > > 0-emergencies-System unusable messages > > 1-alerts-Take immediate action > > 2-critical-Critical condition > > 3-errors-Error message > > 4-warnings-Warning message > > 5-notifications-Normal but significant condition > > 6-informational-Information message > > 7-debugging-Debug messages and log FTP commands and WWW URLs > > > > > > > > -----Oorspronkelijk bericht----- > > Van: Patrick Donlon [mailto:[EMAIL PROTECTED] > > Verzonden: woensdag 30 juli 2003 10:23 > > Aan: [EMAIL PROTECTED] > > Onderwerp: Logging ICMP on a PIX [7:73232] > > > > > > Do anyone know how to log ICMP traffic that is allowed through a PIX?? I > can > > see denied ICMP no problem. > > > > I can log all my other traffic with logging trap debug set, but it can't > see > > ICMP traffic passing through the firewall. Is this normally behaviour for > > 6.2(2)? > > > > Cheers > > > > Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73395&t=73232 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
