Cisco PIX 500 Series Configuration Manual page 944
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Configuring and Managing Logs
The tcp[/port] or udp[/port] argument specifies that the adaptive security appliance should use TCP or
UDP to send system log messages to the syslog server. The default protocol is UDP. You can configure
the adaptive security appliance to send data to a syslog server using either UDP or TCP, but not both. If
you specify TCP, the adaptive security appliance discovers when the syslog server fails and discontinues
sending logs. If you specify UDP, the adaptive security appliance continues to send logs regardless of
whether the syslog server is operational. The port argument specifies the port that the syslog server
listens to for system log messages. Valid port values are 1025 through 65535, for either protocol. The
default UDP port is 514. The default TCP port is 1470.
For example:
hostname(config)# logging host dmz1 192.168.1.5
If you want to designate more than one syslog server as an output destination, enter a new command for
each syslog server.
To specify which system log messages should be sent to the syslog server, enter the following command:
Step 2
hostname(config)# logging trap { severity_level | message_list }
Where the severity_level argument specifies the severity levels of messages to be sent to the syslog
server. You can specify the severity level number (0 through 7) or name. For severity level names, see
the
security appliance sends system log messages for level 3, 2, 1, and 0.
The message_list argument specifies a customized message list that identifies the system log messages
to send to the syslog server. For information about creating custom message lists, see the
System Log Messages with Custom Message Lists" section on page
The following example specifies that the adaptive security appliance should send to the syslog server all
system log messages with a severity level of level 3 (errors) and higher. The adaptive security appliance
will send messages with the severity of 3, 2, and 1.
hostname(config)# logging trap errors
(Optional) If needed, to continue TCP logging when the syslog server is down, enter the following
Step 3
command:
hostname(config)# logging host interface_name server_ip [tcp/port] [permit-hostdown]
Step 4
(Optional) If needed, set the logging facility to a value other than its default of 20 by entering the
following command:
hostname(config)# logging facility number
Most UNIX systems expect the system log messages to arrive at facility 20.
Sending System Log Messages to the Console Port
This section describes how to configure the adaptive security appliance to send logs to the console port.
To start logging to the console port as defined in this procedure, be sure to enable logging for all output
Note
locations. See the
disable logging, see the
page
To specify which system log messages should be sent to the console port, enter the following command:
Cisco Security Appliance Command Line Configuration Guide
42-8
"Severity Levels" section on page
"Enabling Logging to All Configured Output Destinations" section on page
"Disabling Logging to All Configured Output Destinations" section on
42-6.
Chapter 42
42-24. For example, if you set the level to 3, then the adaptive
Monitoring the Security Appliance
"Filtering
42-18.
42-6. To
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
