Firewall Wizards mailing list archives

pix syslog & linux
From: "kurt x" <kurtwp () gmail com>
Date: Mon, 15 May 2006 15:19:11 -0400

I have a pix running IOS 7.0(4).  I set up syslog commands as follows:

name 192.168.2.1 galactica

logging enable
logging timestamp
logging trap debugging
logging host inside galactica

The syslog server is a linux redhat 2.6.12-1.1381_FC3 machine with the
following syslog.conf lines for Cisco:

# Save Pix messages
*.debug                                                 /var/log/all.debug

Right now I'll trap everything just to get it to work then narrow it down later.

Below is what I get on the pix side.  When I do a "tcpdump port 514" I
get traffic from the pix.

ICMP unreachable (code 3) galactica > 192.168.2.254
ping galactica
ICMP unreachable (code 3) galactica > 192.168.2.254

Sending 5, 100-byte ICMP Echos to galactica, timeout is 2 seconds:
!ICMP echo request (len 72 id 4388 seq 37652) 192.168.2.254 > galactica
!!ICMP echo reply (len 72 id 4388 seq 37652) galactica > 192.168.2.254
!ICMP echo request (len 72 id 4388 seq 37652) 192.168.2.254 > galactica
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms

As you can see I can ping the server from the pix.

Next I switch "logging host inside galactica" to "logging host inside
192.168.2.12". .12 is a W2K box running Kiwi syslog.  When I did the
switch I saw the syslogs come in on the W2K machine.

Any suggestions?

Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
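
The "ICMP unreachable (code 3)" lines in the PIX output above are port-unreachable replies, which a host returns when a UDP datagram reaches a port that no process is bound to. As an added example (not part of the original post), this Python check sends one constructed syslog datagram to UDP 514 and reports whether that same reply comes back; the function names and the sample message are assumptions.

```python
import socket


def syslog_pri(facility, severity):
    """RFC 3164 PRI value: facility * 8 + severity."""
    return facility * 8 + severity


def probe_udp(host, port=514, timeout=1.0):
    """Send one constructed syslog datagram and classify the port.

    Returns "closed" when the kernel reports ICMP port unreachable,
    "open" if something answers, else "open-or-filtered" (syslog
    receivers normally stay silent, so silence is the healthy result).
    """
    # Constructed sample message: facility 1 (user), severity 7 (debug).
    msg = "<%d>probe: constructed test message" % syslog_pri(1, 7)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        # connect() on a UDP socket lets the kernel hand ICMP errors
        # for this peer back to us as ECONNREFUSED.
        sock.connect((host, port))
        sock.send(msg.encode("ascii"))
        sock.recv(1024)
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "open-or-filtered"
    finally:
        sock.close()


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_udp(target))
```

A "closed" result means nothing is bound to the port on the target. sysklogd's syslogd accepts messages from the network only when it is started with -r.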

