Lab Exercise—Configure Syslog Output to a Syslog Host or Server from the PIX Firewall
Complete the following lab exercises to practice what you have learned.
Objectives
In this lab exercise you will complete the following tasks:
■ Configure Syslog output
■ Configure Syslog output to a Syslog server
Visual Objective
The following figure displays the topology of the lab environment used in this exercise.
[Figure: Lab Visual Objective. Topology showing the PIX Firewall with interfaces e0 (outside, 192.168.P.0/24), e1 (inside, 10.0.P.0/24) and e2 (dmz, 172.16.1.0/24), the inside host running the Syslog server, the bastion host (web and FTP server), and the Internet server (web, FTP, and TFTP server, 192.168.P.2).]
Access and Lab Setup
To do this lab exercise, you must be connected to the lab at www.labgear.net. Your instructor will provide the username and password for logging into this site. Once logged on, the lab diagram will be displayed.
To access the PIX Firewall from the main lab diagram, click on the “CONSOLE” icon associated with the PIX Firewall. A window will open to the PIX console. To access the inside or outside clients, click on the appropriate “PC Desktop” icon. For these devices you must first authenticate at the “VNC Authentication” screen before you can access the PC desktop.
Passwords
Use the following passwords for this lab:
■ Lab Gear password: Your instructor will provide it
■ PIX password: Either no password (just press the Enter key) or cisco
■ PC client or server: The username is administrator and there is no password (just press the Enter key)
Task 1—Configure Syslog Output Local to PIX
Perform the following steps and enter the commands as directed to configure Syslog output.
Step 1 Enable Syslog logging:
pixP(config)# logging on
Step 2 Begin storing messages to the PIX Firewall message buffer and set the logging
level to debugging:
pixP(config)# logging buffered debugging
Step 3 Clear the translation table and the message buffer on the PIX firewall:
pixP(config)# clear xlate
pixP(config)# clear logging
Step 4 Generate some logging messages. Go to the inside client and open a web browser.
Type in the address of the outside server, 192.168.P.2 (P = your pod number).
You should still be able to access the outside server’s web page.
Step 5 View the Syslog messages you generated in the previous step with the show
logging command. New messages appear at the end of the display. Note that the
current logging level is shown in the output:
pixP(config)# show logging
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 77 messages logged
Trap logging: disabled
History logging: disabled
Device ID: disabled
111008: User 'enable_15' executed the 'clear logging' command
609001: Built local-host inside:10.0.1.2
305009: Built dynamic translation from inside:10.0.1.2 to outside:192.168.1.24
302013: Built outbound TCP connection 9 for outside:192.168.1.2/80 (192.168.1.2/80) to inside:10.0.1.2/1219 (192.168.1.24/1219)
304001: 10.0.1.2 Accessed URL 192.168.1.2:/
Step 6 Clear messages in the buffer and verify they are cleared:
pixP(config)# clear logging
pixP(config)# show logging
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 85 messages logged
Trap logging: disabled
History logging: disabled
Device ID: disabled
111008: User 'enable_15' executed the 'clear logging' command
Step 7 Set the logging buffered command back to a minimal level:
pixP(config)# logging buffered alerts
pixP(config)# show logging
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level alerts, 86 messages logged
Trap logging: disabled
History logging: disabled
Device ID: disabled
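The buffer records from Step 5 can be processed mechanically, for example to notice that the buffer was cleared (message 111008) or to pair a connection with its translated address. The following Python is an added example, not part of the original lab; the function names are hypothetical and the input lines are copied from the pod 1 output above.

```python
import re

# Message lines copied from the Step 5 "show logging" output above (pod 1).
BUFFER = """\
Buffer logging: level debugging, 77 messages logged
111008: User 'enable_15' executed the 'clear logging' command
609001: Built local-host inside:10.0.1.2
305009: Built dynamic translation from inside:10.0.1.2 to outside:192.168.1.24
302013: Built outbound TCP connection 9 for outside:192.168.1.2/80 (192.168.1.2/80) to inside:10.0.1.2/1219 (192.168.1.24/1219)
304001: 10.0.1.2 Accessed URL 192.168.1.2:/
"""

MSG = re.compile(r"^(\d{6}): (.+)$")
CMD = re.compile(r"^User '([^']+)' executed the '([^']+)' command$")
CONN = re.compile(
    r"^Built (\w+) (TCP|UDP) connection (\d+) for "
    r"(\w+):([\d.]+)/(\d+) \(([\d.]+)/(\d+)\) to "
    r"(\w+):([\d.]+)/(\d+) \(([\d.]+)/(\d+)\)$")

def parse_buffer(text):
    """Return (msg_id, body) pairs; status lines without a 6-digit ID are skipped."""
    lines = (line.strip() for line in text.splitlines())
    return [m.groups() for m in map(MSG.match, lines) if m]

def executed_commands(events):
    """(user, command) for every 111008 record in the buffer."""
    out = []
    for msg_id, body in events:
        m = CMD.match(body) if msg_id == "111008" else None
        if m:
            out.append(m.groups())
    return out

def connections(events):
    """Decode 302013 records into real and translated endpoints."""
    keys = ("direction", "proto", "conn_id",
            "if_a", "ip_a", "port_a", "map_ip_a", "map_port_a",
            "if_b", "ip_b", "port_b", "map_ip_b", "map_port_b")
    return [dict(zip(keys, m.groups()))
            for msg_id, body in events
            if msg_id == "302013" and (m := CONN.match(body))]

def log_was_cleared(events):
    """True if any user ran 'clear logging', which empties the local buffer."""
    return any(cmd == "clear logging" for _, cmd in executed_commands(events))
```

Because clear logging empties the local buffer, a record kept on a separate Syslog server (Task 2) is what survives for later review.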
Task 2—Configure Syslog Output to a Syslog Server
You will configure the PIX to send Syslog messages to the inside client. The inside client is running a freeware Syslog server from Kiwi Enterprises. There are many others available for use.
Step 1 Access the inside client by clicking on the PC Desktop icon. The VNC password
is cisco.
Step 2 On the inside client, verify that the Kiwi Syslog server is started. On the inside
client desktop, double click on the Kiwi Syslog Daemon icon. The Syslog server
will start. If you see any old messages, clear them by clicking on View->Clear
display. Verify that “Display 00 (Default)” is displayed near the top of the Kiwi
Syslog Daemon window.
Step 3 On the PIX firewall, designate a host to receive the messages with the logging
host command. For normal Syslog operations to any Syslog server, use the default
message protocol:
pixP(config)# logging host inside 10.0.P.2
(where P = pod number)
Step 4 Set the highest possible logging level to the Syslog server or host with the logging
trap debugging command. This command is used to start sending messages to the
Syslog server or host:
pixP(config)# logging trap debugging
Step 5 Start sending messages:
pixP(config)# logging on
Step 6 Issue the following commands on the PIX Firewall:
pixP(config)# show version
pixP(config)# write memory
pixP(config)# clear xlate
Step 7 Go to the inside client, and view the messages received by the Syslog server. If
you don’t see any messages, check that you used the correct interface and IP
address with the logging host command.
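When checking what arrives at the Syslog server, it helps to decode the priority value on each message and compare it with the configured facility and logging trap level. The following Python is an added example, not part of the original lab; the wire layout (<PRI>%PIX-severity-id: text), the sample datagrams and the function names are assumptions constructed for illustration.

```python
import re

# PIX logging level keywords; list index equals the syslog severity number (0-7).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
FACILITY = 20  # "Facility: 20" from the show logging output in Task 1

# Assumed wire layout: <PRI>%PIX-<severity>-<message id>: <text>
WIRE = re.compile(rb"^<(\d{1,3})>.*?%PIX-(\d)-(\d{6}): (.*)$", re.S)

# Constructed sample datagrams (not captured from the lab).
SAMPLES = [
    b"<166>%PIX-6-302013: Built outbound TCP connection 9 for "
    b"outside:192.168.1.2/80 (192.168.1.2/80) to "
    b"inside:10.0.1.2/1219 (192.168.1.24/1219)",
    b"<165>%PIX-5-111008: User 'enable_15' executed the 'clear xlate' command",
]

def decode(datagram):
    """Split PRI into facility and severity (PRI = facility * 8 + severity)."""
    m = WIRE.match(datagram)
    if not m:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return {"facility": facility, "severity": severity,
            "tag_severity": int(m.group(2)),
            "msg_id": m.group(3).decode(),
            "text": m.group(4).decode(errors="replace")}

def forwarded(trap_level, severity):
    """A message is sent to the host when its severity number <= the trap level."""
    return severity <= LEVELS.index(trap_level)

def check(datagram, trap_level="debugging"):
    """Return a list of reasons a received datagram does not match the config."""
    rec = decode(datagram)
    if rec is None:
        return ["not a PIX syslog message"]
    problems = []
    if rec["facility"] != FACILITY:
        problems.append("facility %d, expected %d" % (rec["facility"], FACILITY))
    if rec["severity"] != rec["tag_severity"]:
        problems.append("PRI severity differs from %PIX tag")
    if not forwarded(trap_level, rec["severity"]):
        problems.append("severity above trap level " + trap_level)
    return problems
```

With logging trap debugging every severity from 0 to 7 is forwarded, while a setting such as alerts would pass only severities 0 and 1.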
Completion Criteria
If you see the messages in the Syslog application, you have successfully completed