sh log and remote syslog servers

Good day,

It has to be simple but...

I have a remote syslog server and I am (supposed) to have my logs of my PIX to that syslog. From an external SSH server, I try to ssh to my PIX. Since it is not allowed, I got something like this while typing show log

710003: TCP access denied by ACL from xxx.xxx.xxx.xxx/34624 to external:zzz.zzz.zzz.zzz/ssh

Surprise! scrolling the syslog messages, I do not have a trace of those ssh attempts.

fw(config)# sh capture capture remote-log buffer 100 interface external circular-buffer fwconfig)#

and

fw(config)# sh capture remote-log detail

845 packets captured 20:37:32.986734 0011.926a.3faa 0090.d0f5.d417 0x0800 74: zzz.zzz.zzz.zzz > xxx.xxx.xxx.xxx.6178: P 3495886061:3495886081(20) ack 1635468733 win 4096 (ttl 255, id 60449) 1 packet shown fw(config)#

I should see something to my remote syslog server.

How do I enable it? I need an higher verbose level.

Thank you,

Nicolas

In article , Micolas Namur wrote: :I have a remote syslog server and I am (supposed) to have my logs of my PIX :to that syslog. From an external SSH server, I try to ssh to my PIX. Since :it is not allowed, I got something like this while typing show log

:710003: TCP access denied by ACL from xxx.xxx.xxx.xxx/34624 to :external:zzz.zzz.zzz.zzz/ssh

:Surprise! scrolling the syslog messages, I do not have a trace of those ssh :attempts.

:I should see something to my remote syslog server.

:How do I enable it? I need an higher verbose level.

logging trap 3 or any higher number should enable the message.

It's a fairly high priority message. I wouldn't recommend running with logging trap set to anything less than 4.