Setting up the logging was very simple and took about 15 minutes to do. If anyone else wants to set up logging for their PIX, email me privately and I will show them. Or if I get enough response to this I will write a little how-to with diagrams and documents showing what to do and what not to do. My little setup consists of 2 PIX 515s connected together with a virtual IP address pointing to both. I also have 2 Cisco 3000 VPN concentrators that are connected together using a virtual IP address, giving them a single point of entry to either VPN machine. It looks like this.

                     _________
                     |  ISP  |
                     |_______|
                       | |_________these are 2 T-1's
                  _____|_|_____
__________________3640 router ________________
     |          |           |           |
     |          |           |           |
***PIX***   ***PIX***   ###VPN###   ###VPN###
       |      |               |       |
     Virtual IP              Virtual IP
         |                       |
         |                       |
      #######2924 Cisco Switch########
                    |
                    |
            ________|______________
           |                       |
           | Internal Network      |
           | The log server is in  |
           |__here_________________|

 

It is very simple: download the log server for either NT or UNIX and install it. Note - make sure you use a UDP port, not a TCP port, because the documentation says if you are using a TCP port and the log server gets full it will cause the PIX to shut down. So I used UDP port 1026. Once you have installed the log server, then enable it on the PIX. All you need to do is, in enable mode, type the following: "logging host inside XXX.XXX.XXX.XXX 17/1026". The X's are the log server's IP, 17 is what Cisco uses to denote UDP, and 1026 is the port to use.

When you start the executable to install the log server on NT it will ask you all these questions: What is the host IP? What protocol are you using? What port in that protocol? Things like that. I am just giving a general outline, but if you have a PIX firewall and a PC or server that has some HD space on it, this is the simplest and cheapest way to log your firewall's activity. These logs can be uploaded into Excel, Access, Lotus, etc., any spreadsheet or DB, and you can sort them however you want.

OK, that's my soapbox speech for the year. If anyone needs more info email me offline.

 

Tim Cornelius
Sys-Net Admin
LIFE Outreach International
817-267-4211 work
817-235-0961 cell
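As an added illustration (not part of Tim's post or any Cisco tool), here is a minimal Python UDP receiver for port 1026 that parses the PIX syslog format (<PRI>%PIX-severity-msgid: text) into the columns one would sort in a spreadsheet. The sample datagrams, addresses, ports and ACL name are constructed placeholders, not values from the post.

```python
import csv
import io
import re
import socketserver

# Constructed sample datagrams in the shape a PIX sends to a syslog server:
# <PRI>%PIX-<severity>-<message id>: <text>, with PRI = facility * 8 + severity.
# The PIX default facility is local4 (20), so severity 6 gives <166> and 4 gives <164>.
SAMPLE_DATAGRAMS = [
    b"<166>%PIX-6-302001: Built outbound TCP connection 1234 for faddr 203.0.113.10/80 "
    b"gaddr 198.51.100.2/1026 laddr 192.0.2.15/1026",
    b"<166>%PIX-6-302002: Teardown TCP connection 1234 faddr 203.0.113.10/80 "
    b"gaddr 198.51.100.2/1026 laddr 192.0.2.15/1026 duration 0:00:04 bytes 2048",
    b'<164>%PIX-4-106023: Deny tcp src outside:203.0.113.77/4444 dst inside:192.0.2.15/23 '
    b'by access-group "acl_out"',
    b"this line is not a PIX syslog message and is skipped",
]

PIX_RE = re.compile(r"^<(?P<pri>\d{1,3})>%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")

def parse_pix(datagram: bytes):
    """Split one datagram into facility, severity, message id and text; None if not PIX-formatted."""
    m = PIX_RE.match(datagram.decode("ascii", errors="replace").strip())
    if not m:
        return None
    pri = int(m["pri"])
    return {"facility": pri // 8, "severity": int(m["sev"]), "msgid": m["msgid"], "text": m["text"]}

def to_csv(datagrams) -> str:
    """Render the parsable datagrams as CSV rows that a spreadsheet or DB can import and sort."""
    out = io.StringIO()
    w = csv.DictWriter(out, fieldnames=["facility", "severity", "msgid", "text"], lineterminator="\n")
    w.writeheader()
    for d in datagrams:
        rec = parse_pix(d)
        if rec:
            w.writerow(rec)
    return out.getvalue()

class PixSyslogHandler(socketserver.BaseRequestHandler):
    """One UDP datagram per request; parsed records accumulate on the server object."""
    def handle(self):
        rec = parse_pix(self.request[0])
        if rec:
            self.server.records.append(rec)

def serve(host: str = "0.0.0.0", port: int = 1026) -> None:
    """Listen on UDP 1026, matching the 17/1026 in the post's logging host command."""
    with socketserver.UDPServer((host, port), PixSyslogHandler) as srv:
        srv.records = []
        srv.serve_forever()
```

Run `to_csv(SAMPLE_DATAGRAMS)` to see the spreadsheet-ready output offline, or `serve()` on the log host to collect real datagrams.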