From jrego at lynn.edu  Thu Mar 20 03:36:58 2008
From: jrego at lynn.edu (Joey Rego)
Date: Thu, 20 Mar 2008 04:36:58 -0400
Subject: [pixla-logs] Access List Logging
Message-ID: <078BA49407386E4786123CA98A82CF558CF704@lynnmail01.lynn.local>

Currently in my firewall we have access lists with logging turned on.
Something like this:

 

access-list outside_access_in line 26 extended permit tcp any host
X.X.X.X eq https log informational interval 300

 

Will I see this in the PLA anywhere or is it pointless to have this on
the acls because logging is turned on already?

 

This is currently what I have enabled on the PIX.  Am I missing
anything?  Could I add any more? 

logging enable

logging timestamp

logging buffered informational

logging trap informational

logging asdm informational

logging facility 22

logging device-id hostname

logging host inside 10.10.1.91

logging message 101001 level informational

ip audit name attack attack action alarm drop reset

ip audit name info info action alarm

ip audit interface outside info

ip audit interface outside attack

ip audit attack action drop

 

lastly I was making some changes on the pix.  I have accounting set up
so that I can see who made what change when.  But for some reason I only
saw a few of the changes that I made and not all.  Is there something
that I may have missed?  

 

Here is what I have configured on the firewall. 

aaa accounting command TACACS_SVR

aaa accounting enable console TACACS_SVR

aaa accounting ssh console TACACS_SVR

aaa accounting telnet console TACACS_SVR

aaa accounting serial console TACACS_SVR

 

 

Thanks for any help you can provide.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://logging-architecture.net/pipermail/pixla-logs_logging-architecture.net/attachments/20080320/560b114b/attachment.html