logging PIX

Chances are that you don't need to do exactly what you asked.

"All inbound connection attempts", by using the word "all", would include packets that would normally be discarded without any record made, such as packets with CRC errors, or packets in which the TCP or IP headers are malformed. You probably aren't running into any issue that would require you to log and analyze such packets, which is a good thing since packet-level logging and display is an advanced configuration that is probably a nuisance in PDM.

Chances are that you are having a more traditional address translation or access list problem. Those are much easier to deal with. Address translation issues are logged by default, if you have the message logging turned on at all. Some access list issues are also logged by default, but to really get a good grip on what is happening, you need to increase the amount of detail that gets logged.

Shrug. Probably, but historically speaking, it is quite uncommon for people to answer PDM questions here. PDM isn't an efficient use of our time, and we are all volunteers. As I indicated in the other thread, it is difficult to sustain the position that the visual interface is faster for you if it isn't getting you where you want to go and people aren't willing to invest the time to answer questions about it.

The CLI configuration mode commands to use would be,

logging on logging buffered debugging

After that, the CLI command show log would display roughly the last 10 things logged (it isn't a fixed number of messages though.) For more permanent logging (e.g., because the messages are being generated too quickly to read via show log ) then you set up a syslog server on some machine (e.g., Kiwi Syslog), and add the CLI configuration mode commands,

logging timestamp logging trap debugging logging host inside IPADDRESS

It is not recommended that you run in production with 'logging buffered' (i.e. what gets logged to the PIX RAM) set as high as 'debugging', so once you have your syslog working, change to

logging buffered warnings

Hi,

you got two options, as to throubleshoot connection problems.

1.: Use "logging moni deb" and issue Term Mon from conf mode. OBS - If your FW is heavy loaded this might not be the way to go. Alternatively you could use "logg moni warnings" instead, but this might not show what you need, depending upon the connectivity issue at hand. 2.: Use the capture command and create a ACL to limit only those you need to investigate. during the capture you can issue show cap NAME, and observe also you might want to downlaod etherreal and copy the capturefile, in pcap format, via tftp, and view it in the sniffer program (etherreal)

HTH Martin Bilgrav