The PIX developer group says that ONLY in the 5.4(x) release will this bug be
patched!!!
Don't ask me why!!!!
They also refuse to fix the ftp "internal ip revelation bug"...
bha...
Pietrosanti Fabio I.NET SpA, High Quality Access to the Internet
e-mail: [EMAIL PROTECTED] ( Technical Management, Firewall Group )
[EMAIL PROTECTED]
PGP Key (DSS) http://naif.itapac.net/naif.asc
Home Page URL: http://www.inet.it
Office: Via Caldera, 21 20153 Milano
Tel: 02-409061 Fax: 02-40906303
--
Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
On Thu, 9 Nov 2000, Graham Zulauf wrote:
> I currently have a PIX 506 setup as our firewall. Everything works fine on
> the box itself.
>
> I'm wondering how to configure the logging function to output port numbers
> when sending a message to the syslog server. Currently it just gives a
> message like this:
>
> 11:46:17 Local7.Warning 10.1.0.10 Nov 09 2000 11:45:54: %PIX-4-106019: IP packet from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx, protocol tcp received from interface "outside" deny by access-group "acl_out"
>
> There are no references to the port number source or destination.
>
>
> Here are my access-lists:
>
> access-list acl_out permit tcp any host xxx.xxx.xxx.xxx eq smtp (hitcnt=2)
> access-list acl_out permit tcp any host xxx.xxx.xxx.xxx eq www (hitcnt=163)
> access-list acl_out permit icmp any host xxx.xxx.xxx.xxx (hitcnt=318)
> access-list acl_out permit tcp any host xxx.xxx.xxx.xxx eq pop3 (hitcnt=1)
> access-list acl_out deny ip any any (hitcnt=4)
> access-list acl_in permit ip any any (hitcnt=3110)
>
>
> Here is my logging setup:
>
> Syslog logging: enabled
> Timestamp logging: enabled
> Standby logging: disabled
> Console logging: disabled
> Monitor logging: disabled
> Buffer logging: disabled
> Trap logging: level notifications, facility 23, 331 messages logged
> Logging to inside 10.1.0.60
> History logging: disabled
>
>
>
> I've changed the logging level to 7 or "debugging", but that didn't seem to
> help. Are there any statements that need to be added? Shouldn't the PIX be
> capable of logging port numbers? Their documentation seems to show it as being
> possible (
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/syslog/pixemint.htm#31944
> ).
>
> Thanks.
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
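Whatever the PIX ends up emitting, the %PIX-4-106019 text quoted above has to be consumed on the syslog server side, and the practical point of the thread is that this message carries no port fields at all. The parser below is an added example, not code from the thread or from Cisco: it extracts the fields that are present in a 106019 line, records the source and destination ports explicitly as unknown rather than guessing them, and tallies denies per (source, destination, protocol, ACL). The log lines it runs over are constructed for the example with RFC 5737 documentation addresses.

```python
import re
from collections import Counter
from typing import Optional

# Field layout taken from the 106019 line quoted in the thread; the leading
# syslog timestamp/facility prefix is skipped by searching for the %PIX- tag.
PIX_106019 = re.compile(
    r'%PIX-(?P<sev>\d)-106019: IP packet from (?P<src>\S+) to (?P<dst>\S+), '
    r'protocol (?P<proto>\S+) received from interface "(?P<iface>[^"]+)" '
    r'deny by access-group "(?P<acl>[^"]+)"'
)

def parse_106019(line: str) -> Optional[dict]:
    """Return the fields of a %PIX-4-106019 deny line, or None if it is not one."""
    m = PIX_106019.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sev"] = int(rec["sev"])
    # 106019 never includes ports; store None so a consumer cannot mistake
    # "not logged" for "port 0" when it joins this against other data.
    rec["src_port"] = None
    rec["dst_port"] = None
    return rec

def summarise_denies(lines):
    """Count 106019 denies per (src, dst, proto, acl); return (counts, skipped)."""
    counts = Counter()
    skipped = 0  # lines that are not 106019 messages
    for line in lines:
        rec = parse_106019(line)
        if rec is None:
            skipped += 1
            continue
        counts[(rec["src"], rec["dst"], rec["proto"], rec["acl"])] += 1
    return counts, skipped

# Constructed sample input in the exact shape of the line quoted in the thread.
SAMPLE_LOG = [
    '11:46:17 Local7.Warning 10.1.0.10 Nov 09 2000 11:45:54: %PIX-4-106019: IP packet '
    'from 192.0.2.10 to 198.51.100.5, protocol tcp received from interface "outside" '
    'deny by access-group "acl_out"',
    '11:46:18 Local7.Warning 10.1.0.10 Nov 09 2000 11:45:55: %PIX-4-106019: IP packet '
    'from 192.0.2.10 to 198.51.100.5, protocol tcp received from interface "outside" '
    'deny by access-group "acl_out"',
    '11:46:19 Local7.Warning 10.1.0.10 Nov 09 2000 11:45:56: %PIX-4-106019: IP packet '
    'from 203.0.113.7 to 198.51.100.5, protocol udp received from interface "outside" '
    'deny by access-group "acl_out"',
    '11:46:20 Local7.Info 10.1.0.10 Nov 09 2000 11:45:57: constructed non-106019 line',
]

if __name__ == "__main__":
    counts, skipped = summarise_denies(SAMPLE_LOG)
    for key, n in counts.most_common():
        print(n, key)
    print("skipped:", skipped)
```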