Configuring Logging
Logging is one of the most important yet least-used methods of managing
the Cisco PIX firewall. Logging offers a wealth of information about what is
happening on the PIX, who is doing what, who is going where, and possible
attacks or probes. Rumor has it that logging is very complicated and cumbersome
to do, but in reality, it is not that hard.
The Cisco PIX firewall provides a significant amount of logging functionality.
However, all logging is disabled by default. It is up to you to decide how much
or how little logging to enable, configure, and use. On the Cisco PIX, there are
two ways to log information: local and remote. Local logging is of limited
archival value, so it is highly recommended that remote logging be used to gather
information. Remote logging of messages allows you to store the messages and
use scripts to examine the messages in detail, manipulate the data, and generate
detailed reports. Remote message logging also lets you archive events and keep a
historical record. For remote logging, the PIX firewall uses syslog, which is a traditional
UNIX method of logging and is described in RFC 3164. The remote
logging server (known as the syslog server) can be based on the Windows,
Linux/UNIX, or Macintosh platform. In this chapter, we focus on Windows and
Linux/UNIX syslog servers.
www.syngress.com
Logging on the PIX firewall can be performed at one of several levels of
detail. Level 3 (error) is the default for the PIX. Level 7 (debug) is the most
verbose and is recommended only when you are troubleshooting the PIX. In
normal network operations, Cisco recommends using Level 4 (warning) or
Level 3 (error).
In the course of normal logging (Level 3), the PIX firewall logs alerts (such as
a failover link going down), error conditions (such as ICMP being blocked), and
informational messages (such as a memory allocation error). If configured for a
higher logging level, the PIX firewall logs connection setup and teardown, as well
as the amount of traffic transferred in each session. This functionality can be
useful if you are trying to gather statistics on how much traffic is being
exchanged per protocol or per session.
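The two preceding points, using scripts on the syslog server to examine stored messages and gathering per-protocol traffic statistics from connection teardown messages, can be put together in a short script. The following is an added example, not code from the book: it parses RFC 3164 lines in the form a PIX sends them (PRI = facility*8 + severity, with the PIX default facility local4 = 20, followed by the %PIX-level-id tag), counts messages by severity, and sums the byte counts reported in TCP and UDP teardown messages. The sample log lines are constructed for this example; the hosts, ports, connection ids and byte counts are made up.

```python
import re
from collections import defaultdict

# Constructed sample of RFC 3164 syslog lines as a PIX would send them to a
# syslog server (facility local4 = 20, so PRI = 20*8 + severity). Hosts,
# ports, connection ids and byte counts are invented for this example.
SAMPLE_LOG = """\
<163>Mar 12 10:15:01 pix-fw %PIX-3-201008: The PIX is disallowing new connections.
<164>Mar 12 10:15:02 pix-fw %PIX-4-106023: Deny icmp src outside:10.9.8.7 dst inside:192.168.1.10 (type 8, code 0) by access-group "outside_in"
<166>Mar 12 10:15:03 pix-fw %PIX-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.20/80 (198.51.100.20/80) to inside:192.168.1.10/1025 (203.0.113.5/1025)
<166>Mar 12 10:15:09 pix-fw %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.20/80 to inside:192.168.1.10/1025 duration 0:00:06 bytes 3456 TCP FINs
<166>Mar 12 10:15:10 pix-fw %PIX-6-302016: Teardown UDP connection 1002 for outside:198.51.100.53/53 to inside:192.168.1.10/1030 duration 0:00:01 bytes 240
<166>Mar 12 10:15:11 pix-fw %PIX-6-302014: Teardown TCP connection 1003 for outside:198.51.100.21/443 to inside:192.168.1.11/1026 duration 0:00:03 bytes 9000 TCP FINs
"""

SEVERITY_NAMES = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
                  4: "warning", 5: "notification", 6: "informational", 7: "debug"}

# <PRI>TIMESTAMP HOSTNAME MSG, where MSG starts with the PIX tag %PIX-<level>-<id>:
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%PIX-(?P<level>\d)-(?P<msgid>\d{6}): (?P<text>.*)$")
# Teardown messages carry the byte count of the finished session.
TEARDOWN_RE = re.compile(r"^Teardown (?P<proto>TCP|UDP) connection .* bytes (?P<bytes>\d+)")


def parse_line(line):
    """Return a dict of fields for one syslog line, or None if it is not a PIX message."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # RFC 3164: PRI = facility*8 + severity, maximum 23*8 + 7
        return None
    rec = m.groupdict()
    rec["pri"] = pri
    rec["facility"] = pri // 8
    rec["severity"] = pri % 8
    rec["level"] = int(rec["level"])
    return rec


def filter_at_or_above(records, level):
    """Keep messages at least as severe as `level` (lower number = more severe)."""
    return [r for r in records if r["severity"] <= level]


def bytes_per_protocol(records):
    """Sum the bytes reported in connection teardown messages, keyed by protocol."""
    totals = defaultdict(int)
    for r in records:
        t = TEARDOWN_RE.match(r["text"])
        if t:
            totals[t.group("proto")] += int(t.group("bytes"))
    return dict(totals)


def report(log_text):
    """Build a small summary: message counts by severity and traffic per protocol."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    counts = defaultdict(int)
    for r in records:
        counts[SEVERITY_NAMES[r["severity"]]] += 1
    return {"total": len(records),
            "by_severity": dict(counts),
            "warnings_and_worse": len(filter_at_or_above(records, 4)),
            "bytes_per_protocol": bytes_per_protocol(records)}


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The severity is taken from the PRI value rather than from the %PIX tag so that the same parser also classifies messages from a server that rewrote the tag; the two agree for a PIX sending with its default facility. Teardown messages only appear at Level 6 and above, so the traffic totals stay empty when the PIX is configured for Level 3 or 4 logging.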
It is possible to view logging messages in real time, either through a Telnet or
SSH session or on the console port. Both methods carry a risk of being overwhelmed
by messages, depending on the logging level. A Telnet or SSH session
can time out and drop the session, and the console port can lock up to the point
where you cannot type in the command to turn logging off. You must use
caution when viewing log messages using these methods.
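The level recommendations and the real-time viewing caveat above translate into a small configuration. The following is an added example, not configuration from the book: it assumes PIX 6.x command syntax and a syslog server at 10.1.1.100 reachable through the inside interface, which is a constructed address. Remote logging is set to Level 4 (warning), a small local buffer keeps Level 3 (error) messages for quick inspection, and console logging is turned off so a burst of messages cannot lock the console.

```cisco
: Added example configuration (assumed PIX 6.x syntax); 10.1.1.100 is a constructed address
logging on
logging timestamp
logging facility 20
logging host inside 10.1.1.100
logging trap 4
logging buffered 3
no logging console
logging monitor 4
```

With this in place, `show logging` reports the enabled destinations and their levels, and the Telnet or SSH session only receives messages at Level 4 and more severe; raising `logging trap` to 7 for troubleshooting should be reverted as soon as the work is done, because debug output is what overwhelms a session.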
System management is an important part of configuring and maintaining your
firewall. Without proper management, security policies cannot be enforced or
monitored and a device might be compromised. In this chapter, we focus on
managing individual PIX firewalls.
Logging is important, but not just for monitoring or troubleshooting; it is
invaluable for measuring network performance, identifying potential network
bottlenecks, and in today's brave new security-conscious world, detecting
potential security violations. In this chapter, you will learn how to enable and
customize local and remote logging. Remote management is another important
component of network management. You will learn how to configure a variety of
in-band management protocols, such as SSH, Telnet, and HTTP, to remotely configure
and monitor the PIX firewall. We will discuss the security implications of
each protocol and situations in which one protocol might be more appropriate
than another. You will also learn how to use out-of-band management using
SNMP. We will discuss configuring the system date and time and why it plays a
vital role in network management. Along with system date and time, you will learn
how to use NTP to make easier the job of managing accurate and consistent
time and date across multiple devices.