How to configure Linux as a log host for the PIX

Source: Internet
Author: User
Tags syslog

Environment: PIX515e and Redhat 8.0
I. Linux configuration:
1. vi /etc/sysconfig/syslog (press i to enter vi insert mode; when editing is complete, press ESC to return to command mode, then enter :wq to save and exit, or :q to exit without saving)

Change the code SYSLOGD_OPTIONS="-m 0" to SYSLOGD_OPTIONS="-r -m 0" // -r allows messages to be received from a remote host
2. vi /etc/syslog.conf
Add the following content, which records all logs of facility local4 (the PIX default, corresponding to facility 20 on the PIX side) to /var/log/pix.log. Code:
# Save all pix messages to pix.log
local4.*    /var/log/pix.log
3. To avoid excessively large logs, configure log rotation (run man logrotate to view detailed help information).
vi /etc/logrotate.conf and add the following code:
# system-specific logs may be also be configured here.
/var/log/pix.log {
    weekly
    rotate 4
}

4. Restart the syslog service:
[root@localhost etc]# service syslog restart
II. PIX configuration:
Code:
pix# logging on
pix# logging host 192.168.0.1   // IP address of the host that records the logs
pix# logging trap 7   // specify the log message level (0: Emergencies, 1: Alerts, 2: Critical, 3: Errors, 4: Warnings, 5: Notifications, 6: Informational, 7: Debugging)
pix# logging facility 20   // set the facility number; the PIX default is 20 (local4)
pix# exit
pix# sh logging   // check whether logging is currently enabled
pix# wr mem   // save the configuration
III. Check whether the configuration is successful and correct:
1. Run sh logging in PIX enable mode to check whether logging is enabled:
Code:
pix# sh logging
Syslog logging: enable
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level warnings, 373000 messages logged
    Logging to inside 192.168.0.1
History logging: disabled
Device ID: disabled
pix#
2. Run on Linux:
[root@localhost etc]# tail -f /var/log/pix.log
Check that log entries appear. Press Ctrl+C to exit.
3. Troubleshooting and experiences:
The following are errors encountered during debugging:
(1) Enabling [disabling] the syslog logging service: run [no] logging on in PIX configuration mode to enable [disable] the service.
(2) No log records appear when the tail -f /var/log/pix.log command is used:
Through carelessness, the facility on the PIX side was configured as 4, so no logs were output. Log on to the PIX and run logging facility 20 in configuration mode.
Logs could not be output because of network problems between Linux and the PIX. At first the PIX could not be pinged from Linux, although Linux could be pinged from the PIX; checking later showed this was due to firewall restrictions. If the firewall is not needed, stop the firewall service on Linux by running [root@localhost etc]# service iptables stop
(3) During configuration, a correct command can be mistyped through carelessness, which is another cause of configuration failure. In addition, if anything is unclear during the configuration process, go directly to the official website for reference.
(4) If you are not familiar with the configuration process, first check whether you have omitted or missed a command. Refer to the official documentation, search the forums for the same question asked by others, and ask questions and communicate with others.
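
An added example, not part of the original page: it decodes the <PRI> prefix of a syslog datagram to show why messages sent with logging facility 20 match the local4.* line in syslog.conf while facility code 4 does not, as in troubleshooting item (2). The helper names decode_pri and selector_matches and the sample datagrams are constructed for illustration.

```python
import re

# RFC 3164 facility codes; the number given to the PIX "logging facility"
# command is this code, so 20 is local4.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + n: f"local{n}" for n in range(8)})
# The index in this list is the severity number used by "logging trap".
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility_name, severity_name) from the <PRI> prefix of a datagram."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> field")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def selector_matches(selector, datagram):
    """Evaluate a simple 'facility.level' selector; '*' is a wildcard.
    A named level matches that severity and anything more urgent. The
    '=', '!' and 'none' selector forms are not handled here."""
    want_fac, want_level = selector.split(".", 1)
    facility, severity = decode_pri(datagram)
    if want_fac not in ("*", facility):
        return False
    if want_level == "*":
        return True
    return SEVERITIES.index(severity) <= SEVERITIES.index(want_level)


# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    b"<167>%PIX-7-000000: constructed debug message",            # 20*8+7
    b"<164>%PIX-4-000000: constructed warning message",          # 20*8+4
    b"<38>%PIX-6-000000: constructed message, facility code 4",  # 4*8+6
]

if __name__ == "__main__":
    for raw in SAMPLES:
        fac, sev = decode_pri(raw)
        hit = selector_matches("local4.*", raw)
        print(f"{fac}.{sev:<8} local4.* -> {'pix.log' if hit else 'not written to pix.log'}")
```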
