The PIX Security Appliance generates Syslog messages for system events, such
as alerts and resource depletion. Syslog messages may be used to create log
files, or displayed on the console of a designated Syslog host. The PIX can
send Syslog messages to any Syslog server. In the event
that all Syslog servers or hosts are offline, the PIX stores up to 512 messages
in its memory. Subsequent messages that arrive overwrite the buffer starting
from the first line.
Logging Options
Some of the logging options available on the PIX
Security Appliance are as follows:
- Console – Displays the specified log messages on the console as each
message occurs.
- Buffered – Sends the specified log messages to an internal buffer that can
be viewed with the show logging command.
- Monitor – Specifies that the log messages appear on Telnet sessions to the
PIX console.
- Host – Specifies a log server that will receive the messages that are sent
from the PIX.
- SNMP – Enables sending log messages as SNMP trap notifications.
Logging Levels
Messages at the specified level, as well as any higher severity level
messages, are logged. For example, if the log level is 3, the syslog displays
0, 1, 2, and 3 messages.
Possible number and string level values are as follows:
- 0 – emergencies – System unusable messages
- 1 – alerts – Take immediate action
- 2 – critical – Critical condition
- 3 – errors – Error message
- 4 – warnings – Warning message
- 5 – notifications – Normal but significant condition
- 6 – informational – Information message
- 7 – debugging – Debug messages and log FTP commands and WWW URLs
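The following Python sketch is an added example, not part of the original course text or of Cisco's software. It models the two behaviors described above: the level threshold (a lower number means higher severity) and the 512-message internal buffer that loses its oldest entries once full. It assumes the "%PIX-<level>-<message number>:" tag that PIX messages carry, which this page does not show; the function names, sample messages and message numbers are constructed.

```python
import re
from collections import deque

# Level names in numeric order, as listed above (0 is the most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Assumed tag format: "%PIX-<level>-<message number>: <text>".
PIX_TAG = re.compile(r"%PIX-([0-7])-(\d+): (.*)")

def level_number(level):
    """Accept either the number or the string form of a logging level."""
    return LEVELS.index(level) if isinstance(level, str) else int(level)

def is_logged(message_level, configured_level):
    """Logged when the message is at, or more severe than, the configured level."""
    return level_number(message_level) <= level_number(configured_level)

def parse(line):
    """Return (level, message_number, text) for a PIX message, or None."""
    m = PIX_TAG.search(line)
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None

def buffer_contents(lines, configured_level, size=512):
    """Model the internal buffer: filter by level, keep only the newest `size`."""
    buf = deque(maxlen=size)  # when full, the oldest entry is overwritten
    for line in lines:
        parsed = parse(line)
        if parsed and is_logged(parsed[0], configured_level):
            buf.append(line)
    return list(buf)

# Constructed sample messages; the message numbers are placeholders.
SAMPLE = [
    "%PIX-2-000001: constructed critical event",
    "%PIX-4-000002: constructed warning event",
    "%PIX-6-000003: constructed informational event",
    "%PIX-7-000004: constructed debugging event",
]

if __name__ == "__main__":
    # With the level set to warnings, only the level 2 and level 4 lines remain.
    for line in buffer_contents(SAMPLE, "warnings"):
        print(line)
    # 600 warning messages into a 512-entry buffer: the first 88 are lost.
    flood = [f"%PIX-4-000002: constructed event {i}" for i in range(600)]
    kept = buffer_contents(flood, 4)
    print(len(kept), "kept; oldest surviving:", kept[0])
```

The second case shows why the buffer alone is not a reliable record: after a burst, the earliest events are the ones no longer available.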
Configuring Message Output
In Figure , the PIX Security Appliance is configured to send the logging
messages to Syslog server
10.0.0.12. The messages sent will consist of warning messages and higher
severity. Each message is time stamped and identified with a device-id of pix6.
Lastly, logging is turned on.
In Figure , the administrator configured the PIX Security Appliance to send
warning messages, and higher severity messages, to the PIX Security Appliance
logging buffer.
The show logging Command
Use the show logging command to see the logging configuration and any
internally buffered messages. Use the clear logging buffer command to clear
the buffer to make viewing the most current messages easier. In Figure ,
logging is enabled. The PIX Security Appliance will send warning messages, and
higher severity messages, to a syslog server and the PIX internal buffer. The
device-id fw1 and a timestamp will be appended to syslog messages.