Getting Started with the PIX Security Appliance
Syslog configuration

The PIX Security Appliance generates Syslog messages for system events, such as alerts and resource depletion. Syslog messages may be used to create log files, or displayed on the console of a designated Syslog host. The PIX can send Syslog messages to any Syslog server . In the event that all Syslog servers or hosts are offline, the PIX stores up to 512 messages in its memory. Subsequent messages that arrive overwrite the buffer starting from the first line.

Logging Options
Some of the logging options available on the PIX Security Appliance are as follows:

  • Console – Specifies that the specified log messages appear on the console as each message occurs.
  • Buffered – Sends the specified log messages to an internal buffer that can be viewed with the show logging command.
  • Monitor – Specifies that the log messages appear on Telnet sessions to the PIX console.
  • Host – Specifies a log server that will receive the messages that are sent from the PIX.
  • SNMP – Enables sending logmessages as SNMP trap notifications.

Logging Levels
Messages at the specified level, as well as any higher severity level messages, are logged . For example, if the log level is 3, the syslog displays 0, 1, 2, and 3 messages. Possible number and string level values are as follows:

  • 0emergencies – System unusable messages
  • 1alerts – Take immediate action
  • 2critical – Critical condition
  • 3errors – Error message
  • 4warnings – Warning message
  • 5notifications – Normal but significant condition
  • 6informational – Information message
  • 7debugging – Debug messages and log FTP commands and WWW URLs

Configuring Message Output
In Figure , the PIX Security Appliance is configured to send the logging messages to Syslog server 10.0.0.12. The messages sent will consist of warning messages and higher severity. Each message is time stamped and identified with a device-id of pix6. Lastly, logging is turned on.

In Figure , the administrator configured the PIX Security Appliance to send warning messages, and higher severity messages, to the PIX Security Appliance logging buffer.

The show logging Command
Use the show logging command to see the logging configuration and any internally buffered messages. Use the clear logging buffer command to clear the buffer to make viewing the most current messages easier. In Figure , logging is enabled. The PIX Security Appliance will send warning messages, and higher severity messages, to a syslog server and the PIX internal buffer. On syslog messages, fw1 device-id and a timestamp will be appended.