If you need to view the logs on your pix, as you haven’t got a syslog server, or you haven’t got access to it, you can access the logs on the pix itself and grep your way through, by using and enabling the logging buffer.
Below shows you how to enable and disable the logging buffer. Before enabling and after enabling it may be worth checking your pix memory (sh mem), and also making sure you have paging enabled (command ‘pager 24‘), so that you view the logs in sections.
To enable logging using the buffer…
pixfirewall(config)#show logging
Syslog logging: enabled
Facility: 22
Timestamp logging: disabled
Standby logging: disabled
Deny Conn when Queue Full: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level informational, facility 2
Logging to dmz 172.16.1.50 errors: 6 dro
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: disabled
pixfirewall(config)#
pixfirewall(config)# logging buffered informational
pixfirewall(config)# logging buffer-size 120000
pixfirewall(config)# sh logging | grep Teardown
%PIX-6-302014: Teardown TCP connection 416553 for
side:192.168.0.9/1315 duration 0:00:00 bytes 5673
To disable buffer logging and the logs within the buffer…
pixfirewall(config)# no logging buffered
pixfirewall(config)# no logging buffer-size
pixfirewall(config)# sh logging
Syslog logging: enabled
Facility: 22
Timestamp logging: disabled
Standby logging: disabled
Deny Conn when Queue Full: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level informational, facility 22, 1713109 messages logged
Logging to dmz 172.16.1.50 errors: 6 dropped: 413
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: disabled
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an IT Security expert?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial