Syslog Configuration

The PIX Firewall logging feature can be invaluable in
troubleshooting, capacity planning, and dealing with security incidents. For
security purposes, the events to log are interface status changes, changes to
the system configuration, and access list matches, as well as events detected by
the firewall and intrusion-detection features. The PIX Firewall generates Syslog
messages for system events, such as security alerts and resource depletion.
Syslog messages can be used to create mail alerts and log files, or to display
on the console of a designated host using UNIX syslog conventions.

The PIX Firewall Syslog message facility is a useful means to view
troubleshooting messages and to watch for network events, such as attacks and
service denials. You can view Syslog messages either from the firewall console
or from a Syslog server to which the PIX Firewall sends Syslog messages.

Note: If you don’t have access to a Syslog server, go to Kiwi
Enterprises at http://www.kiwisyslog.com/index.htm and download its free Kiwi
Syslog Daemon. See the exercise at the end of the Logging
topic.

When using TCP as the logging transport protocol, the PIX Firewall
stops forwarding logging traffic as a security measure if any of the following
error conditions occur:

- The PIX Firewall is unable to reach the Syslog server
- The Syslog server is misconfigured
- The disk on the Syslog server is full

UDP-based logging doesn’t have a similar mechanism to prevent the
PIX Firewall from passing traffic if the Syslog server fails.