jrspano
asked on
logging on a cisco 506e
I have a Cisco 506e PIX firewall. How do I turn on logging for it? What's the easiest way to see the log from it?
On some cheaper routers/firewalls you can go to their config and see something like
time xxx dhcp renewed
time xxx packet dropped
time xxx invalid access attempt http 1.1.1.1:5847
etc etc
I want something similar on this and can't figure out how to turn that on and view it.
Preferably in the GUI of PDM also if possible.
TIA!
ASKER
Thanks grblades. Can you elaborate a little? I can't seem to get it to do everything yet. I got the Kiwi tool and it logs fine. I get all kinds of internal info about where people went, etc. I get very little from outside though. I initiated a port scan and it never logged it. Is there something else I need to turn on? It's only logging a few dropped packets now.
Thanks!
What level did you set the logging to?
Did you enable the intrusion detection on the outside interface?
ASKER
It's set to notifications right now. Is it a combination of all lower? I.e., notifications does them and also everything below it, like alarms, warnings, etc.
ASKER
"Did you enable the intrusion detection on the outside interface?"
It's at factory default now. There are 2 global rules set to alarm. One for info and one for attack.
Policy to interface mappings are all set to none.
Try creating a new alarm policy copy of the default, and apply it to the outside interface.
ASKER
I'm not 100% sure I did it right, but I think I did, and it didn't help. Any other ideas?
Thanks.
Sorry about the delayed response.
Are you still working on this? Did you get everything working? Do you need more information?
-Cheers!
lrmoore, do you mind having a quick look at one of my router questions?
Thanks
https://www.experts-exchange.com/questions/21291006/Cisco-837-ADSL-configuration-for-UK-provider-and-multiple-static-IP's.html
ASKER
Hey lrmoore. I still have tons of internal logging and no external. I uninstalled all the logging software though. I'll give you credit for helping. If you think of anything else, please let me know and I'll try it when I get the logging server back up sometime.
Thanks!
You can always use the "log" keyword on the access-lists:
access-list out_in permit tcp any host xxxxx eq 80 log <==
The commands you want all start with the 'logging' command. You can type 'show log' to show the last entries.
You can also increase the buffer size and send a copy of the logs to a SYSLOG server.
You can also set what to log by choosing what category to log, such as debug, notice, critical, etc.
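Added example, not part of the original thread: each PIX syslog message carries its own severity digit in the `%PIX-<severity>-<id>` tag, and a configured logging level passes that level plus every more severe (lower-numbered) one. The Python sketch below filters sample lines the way the level setting would; the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Cisco syslog severity keywords as used by the PIX 'logging' commands.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
NAMES = {number: name for name, number in SEVERITY.items()}

# Message tag format: %PIX-<severity>-<six digit message id>: <text>
PIX_MSG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")

# Constructed sample lines (documentation addresses), not output from the asker's firewall.
SAMPLE = """\
Feb 01 10:00:01 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.0.0.5/1025 (192.0.2.1/1025)
Feb 01 10:00:02 192.0.2.1 %PIX-5-304001: 10.0.0.5 Accessed URL 198.51.100.7:/index.html
Feb 01 10:00:03 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4431 dst inside:192.0.2.10/23 by access-group "out_in"
Feb 01 10:00:04 192.0.2.1 %PIX-6-106100: access-list out_in permitted tcp outside/203.0.113.9(4432) -> inside/192.0.2.10(80) hit-cnt 1 (first hit)
Feb 01 10:00:05 192.0.2.1 %PIX-4-400010: IDS:2000 ICMP echo reply from 203.0.113.9 to 192.0.2.1 on interface outside
this line is not a PIX message
"""

def parse(line):
    """Return (severity, message_id, text) for a PIX syslog line, or None."""
    m = PIX_MSG.search(line)
    return (int(m["sev"]), m["id"], m["text"]) if m else None

def level_needed(line):
    """Name of the least verbose logging level that still shows this line."""
    parsed = parse(line)
    return NAMES[parsed[0]] if parsed else None

def visible_at(level_name, lines):
    """Message ids that pass when logging is set to level_name.
    A message passes if its severity number is <= the configured level."""
    limit = SEVERITY[level_name]
    parsed = filter(None, map(parse, lines))
    return [msg_id for sev, msg_id, _ in parsed if sev <= limit]

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for level in ("warnings", "notifications", "informational"):
        print(f"{level:>14}: {visible_at(level, lines)}")
    for line in lines:
        print(level_needed(line), "<-", line[:60])
```

In this sample, the `notifications` setting filters out both `%PIX-6-` lines, including the one written by the access-list `log` keyword; they appear only at `informational` or `debugging`.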