Syslog Enabled Products  
 

Configuring syslog on Cisco PIX

Cisco’s PIX is a well known firewall appliance. It is highly scalable, from a small office or home environment to an enterprise environment. PIX is very widely used.

In this tutorial, we concentrate on configuring PIX via the graphical user interface, the PIX Device Manager (PDM). If you would like to set up the PIX via the command line, we recommend Cisco's PIX documentation at http://www.cisco.com/warp/public/110/pixsyslog.html.

Cisco’s PIX supports syslog over both TCP and UDP. While MonitorWare Agent and WinSyslog support both of these protocols, we will focus on UDP in our tutorial as this is the standard protocol. Therefore, if you would like to consolidate logs from multiple devices and one of them is PIX, you will probably take the syslog over UDP route.

PIX can be configured using either a command line interface or the so-called PIX Device Manager (PDM), an HTML configuration application that comes with the PIX. Typically, PDM is used and as such we focus on it in our tutorial.

First, start PDM by pointing your Java-enabled web browser to the PIX. Important: use an HTTPS URL. This is badly documented by Cisco. Using http instead of https will cause your connection to fail! If, for example, your PIX has the internal IP address 172.16.0.1, use the following URL:

https://172.16.0.1

Once this is done, the PDM opens. Most probably, a number of Java security and certificate-related questions will appear. Please allow the product to proceed. Also, a number of browser windows open. Finally, you should see a window similar to the following:


PDM Start Screen

Now, switch to the system properties tab:

Next, expand “Logging” in the treeview and then select “Logging Setup”. A screen similar to this one appears:

Make sure the “Enable Logging” box is checked as in the screenshot. Then, select “Syslog” in the treeview. This brings you to the page where syslog servers can be configured:

In the above example, no server is configured so far. This is the default setting for a freshly installed PIX. We will now configure a syslog server at IP 172.19.0.2. Press “Add” and the following dialog appears:

Typically, your syslog server will reside on the internal network. As such, leave the interface at “inside”. Then enter the IP Address of your syslog server into the field “IP Address”. In the screenshot, this has already been done. Next, make sure UDP is selected as protocol. The port value of 514 is the default and also the standard. There should be little need to modify it. If you do, make sure you fully understand the implications as a wrong port can disrupt traffic.

Of course, if you would like to use TCP logging, you can do so. However, in this case MonitorWare Agent must be configured to have at least one syslog listener running at the specified TCP port. Also, please note that other products typically do not support syslog over TCP and as such, messages from these devices cannot be received by a syslog over TCP receiver.

After configuring the syslog settings, be sure to press OK to return to the PDM main screen:

Here, you can modify the syslog facility and level as well as include a PIX timestamp – see settings on the right.

Important: the configuration you have created has not been saved so far! To save it, you must press the “Apply to PIX” button. Depending on your configuration and PIX model, the “Apply” can take some time.

Once the “Apply” is finished, you see the following screen:

Please note the new "Save to Flash Needed" button. This one can easily be overlooked. When it is present, a new PIX configuration has been created but not permanently saved on the PIX. So you need to press “Save to Flash Needed” in order to complete your configuration! If you forget this step, the PIX will either not forward syslog messages at all or stop doing so after the next PIX reboot.

Make sure that you see the following dialog before continuing:

This concludes the basic configuration of your PIX. You should now receive syslog messages on the configured syslog server. You can now close Cisco’s PDM. Of course, you can return at any time to change configuration settings or enable syslog messages to additional syslog servers you have created.
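
To check that PIX messages actually arrive with the facility, level and timestamp settings chosen above, the following added example (not Adiscon's or Cisco's code) decodes PIX syslog datagrams received over UDP. The message layout, the sample datagrams and the function names parse_pix and listen are assumptions made for illustration.

```python
import re
import socket

SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Assumed layout: <PRI>[timestamp: ]%PIX-<level>-<message id>: <text>
PIX_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>[^%]+?): )?"              # present only if the PIX timestamp is enabled
    r"%PIX-(?P<level>[0-7])-(?P<msgid>\d+): (?P<text>.*)$"
)

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    b"<166>%PIX-6-302013: Built outbound TCP connection 1042 for outside:192.0.2.10/80",
    b"<164>Mar 01 2005 09:15:42: %PIX-4-106023: Deny tcp src outside:192.0.2.99/4431",
    b"<13>backup: nightly job finished",   # not from a PIX
]

def parse_pix(datagram):
    """Return a dict for a PIX syslog datagram, or None if it is not one."""
    m = PIX_RE.match(datagram.decode("ascii", "replace").strip())
    if m is None or int(m["pri"]) > 191:   # PRI = facility * 8 + severity, max 23*8+7
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    return {
        "facility": f"local{facility - 16}" if 16 <= facility <= 23 else str(facility),
        "severity": SEVERITIES[severity],
        "timestamp": m["ts"],              # None when the timestamp option is off
        "msgid": m["msgid"],
        "text": m["text"],
        # The level in the %PIX tag should agree with the severity encoded in PRI.
        "consistent": severity == int(m["level"]),
    }

def listen(bind_ip="0.0.0.0", port=514, count=5):
    """Print the sender and parsed form of the next `count` datagrams.
    Binding to port 514 usually needs administrator/root rights."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        for _ in range(count):
            data, (src, _port) = sock.recvfrom(4096)
            print(src, parse_pix(data) or data)

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_pix(raw))
```

Calling listen() on the configured syslog server also shows the sender address of each datagram, which should be the PIX interface facing that server.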

Interested in analyzing PIX firewall logs? MonitorWare Console is an analytical tool which comes with a PIX firewall reporting module.


Still problems enabling syslog? Find the solution in our forum or post a question there!

Syslog messages generated by these products can be received by MonitorWare Agent and WinSyslog.

All information in this section is to the best of our knowledge but without warranty of any kind. This is free information - use it at your sole risk.


Copyright © 1988-2005 Adiscon GmbH All rights reserved.