It has to be simple but...
I have a remote syslog server and I am (supposed) to have my logs of my PIX to that syslog. From an external SSH server, I try to ssh to my PIX. Since it is not allowed, I got something like this while typing show log710003: TCP access denied by ACL from xxx.xxx.xxx.xxx/34624 to external:zzz.zzz.zzz.zzz/ssh
Surprise! scrolling the syslog messages, I do not have a trace of those ssh attempts.
fw(config)# sh capture capture remote-log buffer 100 interface external circular-buffer fwconfig)#
fw(config)# sh capture remote-log detail845 packets captured 20:37:32.986734 0011.926a.3faa 0090.d0f5.d417 0x0800 74: zzz.zzz.zzz.zzz > xxx.xxx.xxx.xxx.6178: P 3495886061:3495886081(20) ack 1635468733 win 4096 (ttl 255, id 60449) 1 packet shown fw(config)#
I should see something to my remote syslog server.
How do I enable it? I need an higher verbose level.