
PIX - Logging Buffer - View logs on your PIX

If you need to view the logs on your PIX but have no syslog server, or no access to it, you can enable the logging buffer and grep your way through the logs on the PIX itself.

The commands below show how to enable and disable the logging buffer. Before and after enabling it, it may be worth checking your PIX memory (sh mem) and making sure you have paging enabled (command 'pager 24'), so that you can view the logs in sections.

To enable logging using the buffer...

pixfirewall(config)#show logging
Syslog logging: enabled
    Facility: 22
    Timestamp logging: disabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level informational, facility 2
        Logging to dmz 172.16.1.50 errors: 6  dro
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: disabled
pixfirewall(config)#
pixfirewall(config)# logging buffered informational
pixfirewall(config)# logging buffer-size 120000
pixfirewall(config)# sh logging | grep  Teardown
%PIX-6-302014: Teardown TCP connection 416553 for
side:192.168.0.9/1315 duration 0:00:00 bytes 5673

To disable buffer logging and the logs within the buffer...

pixfirewall(config)# no logging buffered
pixfirewall(config)# no logging buffer-size
pixfirewall(config)# sh logging
Syslog logging: enabled
    Facility: 22
    Timestamp logging: disabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level informational, facility 22, 1713109 messages logged
        Logging to dmz 172.16.1.50 errors: 6  dropped: 413
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: disabled
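
As an added example (not part of the original post), the Python below parses the sh logging status block shown above and lists the gaps that matter before you rely on these logs: no timestamps, no buffer, and syslog messages that never reached the server. The sample text is copied from the output above; the function names are this example's own.

```python
import re

SAMPLE = """\
Syslog logging: enabled
    Facility: 22
    Timestamp logging: disabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level informational, facility 22, 1713109 messages logged
        Logging to dmz 172.16.1.50 errors: 6  dropped: 413
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: disabled
"""  # status block copied from the second `sh logging` output on this page

HOST_RE = re.compile(
    r"Logging to (?P<ifc>\S+) (?P<host>\S+) errors: (?P<errors>\d+)\s+dropped: (?P<dropped>\d+)")


def parse_show_logging(text):
    """Return (settings, hosts) parsed from the `show logging` status block."""
    settings, hosts = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:  # per-server counters under "Trap logging"
            hosts.append({**m.groupdict(), "errors": int(m["errors"]), "dropped": int(m["dropped"])})
        elif ": " in line and not line.startswith("%"):  # skip buffered log messages
            key, value = line.split(": ", 1)
            settings[key] = value
    return settings, hosts


def findings(text):
    """List logging gaps worth acting on before relying on these logs."""
    settings, hosts = parse_show_logging(text)
    out = []
    if settings.get("Timestamp logging") == "disabled":
        out.append("timestamps disabled: buffered messages carry no time")
    if settings.get("Buffer logging") == "disabled":
        out.append("buffer logging disabled: nothing to view on the box")
    for h in hosts:
        if h["dropped"] or h["errors"]:
            out.append(f"syslog host {h['host']}: {h['errors']} errors, {h['dropped']} dropped")
    return out
```

Run against the sample, findings() reports three items, including the 413 messages dropped on the way to 172.16.1.50.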

Tags: PIX, Cisco, Logging

About the Author

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001