logging pix

Hi,

I have turned on logging to my logging server from my pix 515.

I have tried: logging trap debugging which produces a lot records.

This is what I want to log:

access-list inside line 1 deny tcp any any eq 445 (hitcnt=136255)

I have blocked port 445 on my inside interface and now I would like to find out which inside host the traffic is coming from.

I need to filter the logging to only show "deny tcp any any eq 445" Is this possible?

thanks for any help.
Donnie
LVL 12
Donnie4572Asked:
Who is Participating?
 
td_milesConnect With a Mentor Commented:
If you append the keyword "log" to the end of your access-list entry, then it should generate log entries at the info level (6) which means you won't need to send traps for the debug level (7) and get all the rest of the stuff. Alternatively, you can specify an even higher level for the log entries to be created at, cutting down on even more of the unwanted entries.

0
 
Donnie4572Author Commented:
Thanks td_miles!

I did this:
      access-list inside line 1 deny tcp any any eq 445 log 0

It is working great.

Donnie
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.