Dan,

>There is one problem I've found with the PIX log server software - it
>relies on the PIX to set the time of the log entry (via the "logging
>timestamp on" command) and so you need to make sure that the time is
>correct on all of your PIX units.

So the PIX can send messages to Syslog with or without timestamps. The reason why you might NOT want the PIX to timestamp is you don't care about the time the message was generated, you just want messages in the right order. Some Syslogd implementations put their own "time received" timestamp on.

The PIX has an onboard clock. If you ever find that after it is set the clock drifts so as to cause a syslog problem (and you have a valid maintenance contract), Cisco will replace that PIX. v6.2 of the PIX OS, which will be available in April, has NTP support.

>I use Kiwi Syslog Daemon which can handle more
>than just the PIX logs and it ... <snip>

I use Kiwi Syslog also. It's wonderful. Andrew Ross, the developer, is a great person and has a great product.

An important PIX syslog feature that you didn't mention (and the reason we put out a syslogd in the first place) is TCP Syslog. On the PIX you do have the option of sending Syslog over TCP or UDP. This makes it much more reliable. And Kiwi supports PIX TCP Syslog too!

Liberty for All,

Brian

P.S. Have you checked out RnR ReportGen? It's also a great log report tool and works very well

At 12:01 PM 12/18/2001 -0800, "Daniel Crichton" <[EMAIL PROTECTED]> wrote:
>Message: 7
>From: "Daniel Crichton" <[EMAIL PROTECTED]>
>Organization: Computer Manuals Ltd.
>To: "Timothy K. Cornelius" <[EMAIL PROTECTED]>
>Date: Tue, 18 Dec 2001 09:41:32 -0000
>Subject: Re: PIX logging setup help
>Reply-To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>
>On 15 Dec 2001 at 10:17, Timothy K. Cornelius wrote:
>
> > Setting up the logging was very simple and took about 15 minutes to do. If
> > anyone else wants to set up logging for their Pix email me privately and I
> > will show them. Or if I get enough response to this I will write a little
>
>There is one problem I've found with the PIX log server software - it
>relies on the PIX to set the time of the log entry (via the "logging
>timestamp on" command) and so you need to make sure that the time is
>correct on all of your PIX units. There are also very few options in the
>logging server software. I use Kiwi Syslog Daemon which can handle more
>than just the PIX logs and it handles the timestamping locally (so you can
>combine logs from multiple PIX and be sure that the log entries have
>correct relative times even if the server time is wrong). The Kiwi server
>also allows you to create multiple logs based on the source and level (so
>you could split the logs from the 2 PIX into separate logs on a single
>server if you wanted, or have them combined and record all log lines but
>also write all critical log lines to a separate file so you don't have to
>grep them out of the main log). It has loads of features that make syslog
>management much easier than with the Cisco software. This is my own
>personal opinion, there are probably even better syslog servers for NT/2K
>out there, but I've been using Kiwi since I first installed my PIX units
>and have never looked back.
>
>Dan
>---
>D.C. Crichton                 email: [EMAIL PROTECTED]
>Senior Systems Analyst        tel: +44 (0)121 706 6000
>Computer Manuals Ltd.         fax: +44 (0)121 606 0477
>
>Computer book info on the web:
>   http://computer-manuals.co.uk/
>Want to earn money? Join our affiliate network!
>   http://computer-manuals.co.uk/affiliate/

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
