• Status: Solved

Pix logging to linux server

On my PIX 515 I was running OS 6.1(4), logging to a Linux server, and it was showing the domain name in the log files. I installed OS 8.0 and it's showing the IP address instead of the domain name. I am logging in debugging mode. I want to log the domain name instead of the IP address.

Have I turned something off?

TIA
: Saved
: Written by enable_15 at 18:06:24.389 UTC Sun Feb 8 2009
!
PIX Version 8.0(2)
!
hostname DSGPIX515
domain-name
enable password  encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.98 255.255.255.224
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.100.10 255.255.255.0
!
passwd  encrypted
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 4.2.2.5
 name-server 4.2.2.2
 domain-name
access-list 101 extended permit tcp any host xxx.xxx.xxx.102 eq pcanywhere-data
access-list 101 extended permit tcp any host xxx.xxx.xxx.102 eq 5632
access-list 101 extended permit tcp any host xxx.xxx.xxx.103 eq 3389
access-list 101 extended permit tcp any host xxx.xxx.xxx.105 eq https
access-list 101 extended permit tcp any host xxx.xxx.xxx.109 eq pcanywhere-data
access-list 101 extended permit tcp any host xxx.xxx.xxx.109 eq 5632
access-list 101 extended permit tcp any host xxx.xxx.xxx.101 eq pop3
access-list 101 extended permit tcp any host xxx.xxx.xxx.101 eq smtp
access-list 101 extended permit tcp any host xxx.xxx.xxx.108 eq www
access-list 101 extended permit tcp any host xxx.xxx.xxx.108 eq smtp
access-list 101 extended permit tcp any host xxx.xxx.xxx.108 eq pop3
access-list 101 extended permit tcp any host xxx.xxx.xxx.108 eq 10000
access-list 101 extended permit udp any host xxx.xxx.xxx.108 eq isakmp
access-list 101 extended permit udp any host xxx.xxx.xxx.108 eq 4500
access-list 101 extended permit udp any host xxx.xxx.xxx.108 eq 10000
access-list 101 extended permit tcp any host xxx.xxx.xxx.125 eq 6666
pager lines 300
logging enable
logging timestamp
logging trap debugging
logging asdm informational
logging facility 23
logging host inside 192.168.100.11
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) xxx.xxx.xxx.103 192.168.100.23 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.104 192.168.100.52 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.105 192.168.100.26 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.101 192.168.100.106 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.109 192.168.105.10 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.102 192.168.100.29 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.125 10.9.4.5 netmask 255.255.255.255
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.97 1
route inside 10.0.0.0 255.255.0.0 192.168.101.10 1
route inside 10.1.0.0 255.255.0.0 192.168.101.10 1
route inside 10.2.0.0 255.255.0.0 192.168.101.10 1
route inside 10.3.0.0 255.255.0.0 192.168.101.10 1
route inside 10.7.0.0 255.255.0.0 192.168.101.11 1
route inside 10.8.0.0 255.255.0.0 192.168.101.11 1
route inside 10.9.0.0 255.255.0.0 192.168.101.11 1
route inside 10.9.4.0 255.255.255.0 192.168.101.11 1
route inside 10.10.0.0 255.255.0.0 192.168.101.11 1
route inside 10.11.0.0 255.255.0.0 192.168.101.10 1
route inside 10.12.0.0 255.255.0.0 192.168.101.10 1
route inside 10.13.0.0 255.255.0.0 192.168.101.12 1
route inside 10.227.254.0 255.255.255.0 192.168.100.20 1
route inside 20.20.0.0 255.255.0.0 192.168.100.12 1
route inside 30.30.0.0 255.255.0.0 192.168.100.20 1
route inside 100.100.100.0 255.255.255.0 192.168.100.20 1
route inside 192.168.0.0 255.255.255.0 192.168.0.2 1
route inside 192.168.1.0 255.255.255.0 192.168.100.5 1
route inside 192.168.2.0 255.255.255.0 192.168.100.12 1
route inside 192.168.3.0 255.255.255.0 192.168.100.12 1
route inside 192.168.4.0 255.255.255.0 192.168.100.12 1
route inside 192.168.5.0 255.255.255.0 192.168.100.20 1
route inside 192.168.6.0 255.255.255.0 192.168.100.20 1
route inside 192.168.7.0 255.255.255.0 192.168.100.20 1
route inside 192.168.8.0 255.255.255.0 192.168.100.12 1
route inside 192.168.9.0 255.255.255.0 192.168.100.12 1
route inside 192.168.10.0 255.255.255.0 192.168.100.12 1
route inside 192.168.11.0 255.255.255.0 192.168.100.12 1
route inside 192.168.12.0 255.255.255.0 192.168.100.20 1
route inside 192.168.13.0 255.255.255.0 192.168.100.20 1
route inside 192.168.15.0 255.255.255.0 192.168.100.12 1
route inside 192.168.16.0 255.255.255.0 192.168.100.12 1
route inside 192.168.17.0 255.255.255.0 192.168.100.20 1
route inside 192.168.18.0 255.255.255.0 192.168.101.11 1
route inside 192.168.19.0 255.255.255.0 192.168.100.20 1
route inside 192.168.20.0 255.255.255.0 192.168.100.12 1
route inside 192.168.21.0 255.255.255.0 192.168.101.11 1
route inside 192.168.22.0 255.255.255.0 192.168.100.12 1
route inside 192.168.60.0 255.255.255.0 192.168.100.3 1
route inside 192.168.101.0 255.255.255.0 192.168.100.2 1
route inside 192.168.105.0 255.255.255.0 192.168.100.2 1
route inside 192.168.106.0 255.255.255.0 192.168.100.2 1
route inside 192.168.110.0 255.255.255.0 192.168.100.2 1
route inside 192.168.254.0 255.255.255.0 192.168.100.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.100.29 255.255.255.255 inside
http 192.168.15.100 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 192.168.100.0 255.255.255.0 inside
telnet 192.168.15.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 60
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
  inspect http
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:3a4333a15be88455bd997798481944b7
: end

Asked by: desotoit
 
Mysidia commented:
Try

logging device-id hostname
 
desotoit (author) commented:
Still does not log by domain name if I did it correctly.

: Saved
: Written by enable_15 at 12:41:33.739 FKDT Sat Feb 14 2009
!
PIX Version 8.0(2)
!
hostname DSGPIX515
domain-name
enable password encrypted
names
!
interface Ethernet0
 duplex full
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.98 255.255.255.224
!
interface Ethernet1
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.100.5 255.255.255.0
!
passwd encrypted
ftp mode passive
clock timezone FKST -4
clock summer-time FKDT recurring 1 Sun Sep 2:00 3 Sun Apr 2:00
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 4.2.2.5
 name-server 4.2.2.2
 domain-name
access-list 101 extended permit tcp any host xxx.xxx.xxx.102 eq pcanywhere-data
access-list 101 extended permit tcp any host xxx.xxx.xxx.102 eq 5632
access-list 101 extended permit tcp any host xxx.xxx.xxx.103 eq 3389
access-list 101 extended permit tcp any host xxx.xxx.xxx.105 eq https
access-list 101 extended permit tcp any host xxx.xxx.xxx.109 eq pcanywhere-data
access-list 101 extended permit tcp any host xxx.xxx.xxx.109 eq 5632
access-list 101 extended permit tcp any host xxx.xxx.xxx.101 eq pop3
access-list 101 extended permit tcp any host xxx.xxx.xxx.101 eq smtp
access-list 101 extended permit tcp any host xxx.xxx.xxx.108 eq www
access-list 101 extended permit tcp any host xxx.xxx.xxx.108 eq smtp
access-list 101 extended permit tcp any host xxx.xxx.xxx.108 eq pop3
access-list 101 extended permit tcp any host xxx.xxx.xxx.108 eq 10000
access-list 101 extended permit udp any host xxx.xxx.xxx.108 eq isakmp
access-list 101 extended permit udp any host xxx.xxx.xxx.108 eq 4500
access-list 101 extended permit udp any host xxx.xxx.xxx.108 eq 10000
access-list 101 extended permit tcp any host xxx.xxx.xxx.125 eq 6666
access-list 101 extended permit icmp any any inactive
pager lines 300
logging enable
logging timestamp
logging trap debugging
logging facility 23
logging device-id hostname
logging host inside 192.168.100.11
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) xxx.xxx.xxx.103 192.168.100.23 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.104 192.168.100.52 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.105 192.168.100.26 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.101 192.168.100.106 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.109 192.168.105.10 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.102 192.168.100.29 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.125 10.9.4.5 netmask 255.255.255.255
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.97 1
route inside 10.0.0.0 255.255.0.0 192.168.101.10 1
route inside 10.1.0.0 255.255.0.0 192.168.101.10 1
route inside 10.2.0.0 255.255.0.0 192.168.101.10 1
route inside 10.3.0.0 255.255.0.0 192.168.101.10 1
route inside 10.7.0.0 255.255.0.0 192.168.101.11 1
route inside 10.8.0.0 255.255.0.0 192.168.101.11 1
route inside 10.9.0.0 255.255.0.0 192.168.101.11 1
route inside 10.9.4.0 255.255.255.0 192.168.101.11 1
route inside 10.10.0.0 255.255.0.0 192.168.101.11 1
route inside 10.11.0.0 255.255.0.0 192.168.101.10 1
route inside 10.12.0.0 255.255.0.0 192.168.101.10 1
route inside 10.13.0.0 255.255.0.0 192.168.101.12 1
route inside 10.227.254.0 255.255.255.0 192.168.100.20 1
route inside 20.20.0.0 255.255.0.0 192.168.100.12 1
route inside 30.30.0.0 255.255.0.0 192.168.100.20 1
route inside 100.100.100.0 255.255.255.0 192.168.100.20 1
route inside 192.168.0.0 255.255.255.0 192.168.0.2 1
route inside 192.168.1.0 255.255.255.0 192.168.100.5 1
route inside 192.168.2.0 255.255.255.0 192.168.100.12 1
route inside 192.168.3.0 255.255.255.0 192.168.100.12 1
route inside 192.168.4.0 255.255.255.0 192.168.100.12 1
route inside 192.168.5.0 255.255.255.0 192.168.100.20 1
route inside 192.168.6.0 255.255.255.0 192.168.100.20 1
route inside 192.168.7.0 255.255.255.0 192.168.100.20 1
route inside 192.168.8.0 255.255.255.0 192.168.100.12 1
route inside 192.168.9.0 255.255.255.0 192.168.100.12 1
route inside 192.168.10.0 255.255.255.0 192.168.100.12 1
route inside 192.168.11.0 255.255.255.0 192.168.100.12 1
route inside 192.168.12.0 255.255.255.0 192.168.100.20 1
route inside 192.168.13.0 255.255.255.0 192.168.100.20 1
route inside 192.168.15.0 255.255.255.0 192.168.100.12 1
route inside 192.168.16.0 255.255.255.0 192.168.100.12 1
route inside 192.168.17.0 255.255.255.0 192.168.100.20 1
route inside 192.168.18.0 255.255.255.0 192.168.101.11 1
route inside 192.168.19.0 255.255.255.0 192.168.100.20 1
route inside 192.168.20.0 255.255.255.0 192.168.100.12 1
route inside 192.168.21.0 255.255.255.0 192.168.101.11 1
route inside 192.168.22.0 255.255.255.0 192.168.100.12 1
route inside 192.168.60.0 255.255.255.0 192.168.100.3 1
route inside 192.168.101.0 255.255.255.0 192.168.100.2 1
route inside 192.168.105.0 255.255.255.0 192.168.100.2 1
route inside 192.168.106.0 255.255.255.0 192.168.100.2 1
route inside 192.168.110.0 255.255.255.0 192.168.100.2 1
route inside 192.168.254.0 255.255.255.0 192.168.100.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.15.100 255.255.255.255 inside
http 192.168.100.29 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 192.168.100.0 255.255.255.0 inside
telnet 192.168.15.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 60
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
  inspect http
policy-map global-policy
 class inspection_default
  inspect http
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:cb7db9aa59e976c731b81842080a959f
: end
 
Mysidia commented:
Check
 show logging

Make sure you see a line that says
Device ID: hostname "DSGPIX515"

It should have started including the device-id with the PIX's fully-qualified host and domain name in the new log entries as soon as you added that config.
 
Mysidia commented:
An alternative to try is

logging device-id string DSGPIX515
 
desotoit (author) commented:
Maybe I have not made myself clear on what I want to see in the logs. When a person from our network visits a site, it used to show the domain name (192.168.100.100 accessed url:www.google.com); now instead of www.google.com it has Google's IP address.

Here is what the pix shows when I typed in show logging.
screen.JPG
 
Mysidia commented:
Ok, I had thought you wanted to identify your PIX in the log messages by its hostname instead of the PIX's IP address.

You mean the entries that look like:
Feb 14 15:30:38 pix1 %PIX-5-304001  10.100.0.1 Accessed URL 209.85.165.103:/


Well, there's actually no way on a PIX to tell it to display "Accessed URL www.google.com:/" instead.

It's one of the most bothersome limitations of the PIX/ASA.
There is no method of making the 304001 messages include the actual hostname requested.
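
Because the PIX cannot put the requested hostname into 304001 messages, one workaround is to annotate them on the Linux syslog server. The filter below is an added example, not part of the original thread: it appends a reverse-DNS (PTR) name to each 304001 entry, and `make_enricher`, `ptr_lookup` and the `[ptr=...]` tag are hypothetical names chosen here. A PTR name is only a hint and often differs from the hostname the user actually requested.

```python
import re
import socket
import sys
from functools import lru_cache

# 304001 format as quoted in the thread; the colon after the message ID and
# any user field before "Accessed URL" are optional.
ACCESSED_URL = re.compile(
    r"%(?:PIX|ASA)-\d-304001:?\s.*?Accessed URL\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):"
)
# PTR data is controlled by whoever owns the address space, so treat it as
# untrusted: accept only hostname characters, never spaces or newlines.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,253}")
# Sample entry: the log line quoted in the thread.
SAMPLE = "Feb 14 15:30:38 pix1 %PIX-5-304001  10.100.0.1 Accessed URL 209.85.165.103:/"


def ptr_lookup(ip):
    """Reverse-DNS lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def make_enricher(resolve=ptr_lookup):
    """Build a line filter that tags 304001 entries with the resolved name."""
    cached = lru_cache(maxsize=4096)(resolve)  # one lookup per distinct IP

    def enrich(line):
        line = line.rstrip("\n")
        m = ACCESSED_URL.search(line)
        if not m:
            return line  # not a 304001 entry: pass through untouched
        name = cached(m.group("dst"))
        if not name or not SAFE_NAME.fullmatch(name):
            return line  # unknown or unsafe name: keep the original entry
        # Append rather than replace, so the IP the PIX logged is preserved.
        return f"{line} [ptr={name}]"

    return enrich


if __name__ == "__main__":
    enrich = make_enricher()
    for raw in sys.stdin:
        print(enrich(raw))
```

Run it as a filter over the syslog file on the log server; the original entry is kept intact and the name is only appended.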