logging on a cisco 506e

I have a Cisco 506E PIX firewall. How do I turn on logging for it? What's the easiest way to see the log from it?

On some cheaper routers/firewalls you can go to their config and see something like
time xxx dhcp renewed
time xxx packet dropped
time xxx invalid access attempt http 1.1.1.1:5847
etc etc
I want something similar on this and can't figure out how to turn that on and view it.  

Preferably in the GUI of PDM also if possible.

TIA!
jrspano Asked:

grblades Commented:
Hi jrspano,
The commands you want all start with the 'logging' command. You can type 'show log' to show the last entries.
You can also increase the buffer size and send a copy of the logs to a SYSLOG server.
You can also set what to log by choosing what category to log, such as debug, notice, critical etc...
0
lrmoore Commented:
First, get yourself a good syslog server, like Kiwi syslogd: http://www.kiwitools.com

Setup logging on the PIX
  Configuration | System Properties
     + Logging
          * Logging Setup     [x] Enable logging
          * Syslog   Add: Inside, IP address of host, don't change anything else
                         Level: Notification
                         [x]  Include Timestamp

                     Apply | Save

Next, get yourself a syslog analysis tool like Sawmill:
http://www.sawmill.net/formats/Syslog.html
0

jrspano Author Commented:
Thanks grblades. Can you elaborate a little? I can't seem to get it to do everything yet. I got the Kiwi tool and it logs fine. I get all kinds of internal info about where people went etc. I get very little from outside though. I initiated a port scan and it never logged it. Is there something else I need to turn on? It's only logging a few dropped packets now.

Thanks!
0
lrmoore Commented:
What level did you set the logging to?
0
lrmoore Commented:
Did you enable the intrusion detection on the outside interface?
0
jrspano Author Commented:
It's set to notifications right now. Is it a combination of all lower? I.e., notifications does them and also everything below it, like alarms, warnings etc.

0
jrspano Author Commented:
"Did you enable the intrusion detection on the outside interface?"

It's at factory default now. There are 2 global rules set to alarm. One for info and one for attack.
Policy to interface mappings are all set to none.
0
lrmoore Commented:
Try creating a new alarm policy copy of the default, and apply it to the outside interface.
0
jrspano Author Commented:
I'm not 100% sure I did it right, but I think I did and it didn't help. Any other ideas?

Thanks.
0
lrmoore Commented:
Sorry about the delayed response.
Are you still working on this? Did you get everything working? Do you need more information?

-Cheers!
0
grblades Commented:
lrmoore, do you mind having a quick look at one of my router questions?
Thanks
http://www.experts-exchange.com/Hardware/Routers/Q_21291006.html
0
jrspano Author Commented:
Hey lrmoore. I still have tons of internal logging and no external. I uninstalled all the logging software though. I'll give you credit for helping. If you think of anything else, please let me know and I'll try it when I get the logging server back up sometime.
0
lrmoore Commented:
Thanks!

You can always use the "log" keyword on the access-lists

  access-list out_in permit tcp any host xxxxx eq 80 log <==

0
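The level question raised in the thread (a logging level passes its own severity and every more severe one), as an added example that is not part of the original posts: it parses lines in the `%PIX-<severity>-<id>` format and shows which would reach the syslog host at a given level. The sample lines, addresses, function names and the severity digits (assumed defaults for those message IDs) are constructed for illustration.

```python
import re

# Severity names accepted by the PIX logging level setting; list index = severity number.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

PIX_MSG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
# Ingress interface in the two ACL-related message shapes used in the sample:
#   106023: Deny tcp src outside:198.51.100.9/4431 dst inside:...
#   106100: access-list out_in permitted tcp outside/198.51.100.9(4432) -> ...
INGRESS = re.compile(r"(?:\bsrc |(?:permitted|denied) \w+ )(\w+)[:/]")

# Constructed sample lines (not real traffic); severity digits are assumed defaults.
SAMPLE = """\
Jan 10 2005 10:01:02: %PIX-5-304001: 192.168.1.20 Accessed URL 203.0.113.80:/index.html
Jan 10 2005 10:01:05: %PIX-6-302013: Built outbound TCP connection 101 for outside:203.0.113.80/80 (203.0.113.80/80) to inside:192.168.1.20/1045 (198.51.100.2/1045)
Jan 10 2005 10:02:11: %PIX-4-106023: Deny tcp src outside:198.51.100.9/4431 dst inside:198.51.100.2/23 by access-group "out_in"
Jan 10 2005 10:02:12: %PIX-6-106100: access-list out_in permitted tcp outside/198.51.100.9(4432) -> inside/198.51.100.2(80) hit-cnt 1 (first hit)
Jan 10 2005 10:02:30: %PIX-7-710005: TCP request discarded from 198.51.100.9/4433 to outside:198.51.100.2/8080
"""

def parse(log_text):
    """Return one dict per line that carries a %PIX-<severity>-<id> tag."""
    records = []
    for line in log_text.splitlines():
        m = PIX_MSG.search(line)
        if m:
            ingress = INGRESS.search(m["text"])
            records.append({"severity": int(m["sev"]), "id": m["id"],
                            "ingress": ingress.group(1) if ingress else None})
    return records

def forwarded(records, level):
    """Records the syslog host receives at `level`: that severity and every lower number."""
    limit = LEVELS.index(level)
    return [r for r in records if r["severity"] <= limit]

def suppressed_ids(records, level):
    """Message IDs that are never sent to the syslog host at `level`."""
    limit = LEVELS.index(level)
    return sorted({r["id"] for r in records if r["severity"] > limit})

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for level in ("notifications", "informational", "debugging"):
        print(level, [r["id"] for r in forwarded(recs, level)],
              "suppressed:", suppressed_ids(recs, level))
```

With this sample, the URL-access and ACL-deny lines pass at notifications, while the line produced by the access-list `log` keyword (106100) only appears once the level is raised to informational.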