I currently have a PIX 506 set up as our firewall. Everything works fine on the box itself.
 
I'm wondering how to configure the logging function to output port numbers when sending a message to the syslog server. Currently it just gives a message like this:
 
11:46:17 Local7.Warning 10.1.0.10 Nov 09 2000 11:45:54: %PIX-4-106019: IP packet from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx, protocol tcp received from interface "outside" deny by access-group "acl_out"
 
There are no references to the port number source or destination.
 
 
Here are my access-lists:
 
access-list acl_out permit tcp any host xxx.xxx.xxx.xxx eq smtp (hitcnt=2)
access-list acl_out permit tcp any host xxx.xxx.xxx.xxx eq www (hitcnt=163)
access-list acl_out permit icmp any host xxx.xxx.xxx.xxx (hitcnt=318)
access-list acl_out permit tcp any host xxx.xxx.xxx.xxx eq pop3 (hitcnt=1)
access-list acl_out deny ip any any (hitcnt=4)
access-list acl_in permit ip any any (hitcnt=3110)
 
 
Here is my logging setup:
 
Syslog logging: enabled
    Timestamp logging: enabled
    Standby logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level notifications, facility 23, 331 messages logged
        Logging to inside 10.1.0.60
    History logging: disabled
 
 
 
I've changed the logging level to 7 or "debugging", but that didn't seem to help. Are there any statements that need to be added? Shouldn't the PIX be capable of logging port numbers? Their documentation seems to show it as being possible (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/syslog/pixemint.htm#31944).
 
Thanks.
