PIX – Logging Buffer – View logs on your PIX

If you need to view the logs on your PIX but have no syslog server, or no access to it, you can read the logs on the PIX itself and grep your way through them by enabling the logging buffer.

The commands below show how to enable and disable the logging buffer. It may be worth checking your PIX memory (sh mem) before and after enabling it, and making sure paging is enabled (command ‘pager 24’) so that you can view the logs in sections.

To enable logging using the buffer…

pixfirewall(config)#show logging
Syslog logging: enabled
    Facility: 22
    Timestamp logging: disabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level informational, facility 2
        Logging to dmz 172.16.1.50 errors: 6  dro
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: disabled
pixfirewall(config)#
pixfirewall(config)# logging buffered informational
pixfirewall(config)# logging buffer-size 120000
pixfirewall(config)# sh logging | grep  Teardown
%PIX-6-302014: Teardown TCP connection 416553 for
side:192.168.0.9/1315 duration 0:00:00 bytes 5673
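
Once the buffer contents have been captured to a file off the PIX (a terminal session log, for instance), the same grep-style triage can be taken further. The script below is an added example, not part of the original post: the function names are hypothetical, the sample lines are constructed, and the message layouts for 302013 and 106023 are assumed from the usual %PIX-severity-id format.

```shell
#!/bin/sh
# Added example: summarise PIX buffer output that was captured to a file.
# Assumed message shape: %PIX-<severity>-<message id>: <text>

# Constructed sample data (not taken from a real device).
sample_log() {
cat <<'EOF'
%PIX-6-302013: Built outbound TCP connection 416553 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.0.9/1315 (198.51.100.2/1315)
%PIX-6-302014: Teardown TCP connection 416553 for outside:203.0.113.10/80 to inside:192.168.0.9/1315 duration 0:00:00 bytes 5673 TCP FINs
%PIX-4-106023: Deny tcp src outside:203.0.113.77/4431 dst inside:192.168.0.9/22 by access-group "outside_in"
%PIX-6-302014: Teardown TCP connection 416554 for outside:203.0.113.10/443 to inside:192.168.0.12/2044 duration 0:00:07 bytes 1200 TCP FINs
%PIX-4-106023: Deny tcp src outside:203.0.113.77/4432 dst inside:192.168.0.9/23 by access-group "outside_in"
EOF
}

# Count messages per "severity message-id", most frequent first.
count_by_id() {
    awk 'match($0, /%PIX-[0-7]-[0-9]+/) {
             split(substr($0, RSTART + 5, RLENGTH - 5), f, "-")
             n[f[1] " " f[2]]++
         }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k3,3
}

# Total bytes reported by Teardown TCP (302014) messages.
teardown_bytes() {
    awk '/%PIX-6-302014:/ {
             for (i = 1; i < NF; i++) if ($i == "bytes") total += $(i + 1)
         }
         END { print total + 0 }'
}

# Count ACL denies (106023) per source address, noisiest source first.
deny_sources() {
    awk '/%PIX-4-106023:/ {
             for (i = 1; i < NF; i++) if ($i == "src") {
                 split($(i + 1), p, "[:/]")   # interface:address/port
                 n[p[2]]++
             }
         }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; replace with: count_by_id < capture.txt
sample_log | count_by_id
```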

To disable buffer logging and the logs within the buffer…

pixfirewall(config)# no logging buffered
pixfirewall(config)# no logging buffer-size
pixfirewall(config)# sh logging
Syslog logging: enabled
    Facility: 22
    Timestamp logging: disabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level informational, facility 22, 1713109 messages logged
        Logging to dmz 172.16.1.50 errors: 6  dropped: 413
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: disabled
Rick Donato
