[c-nsp] PIX ACE Logging

Bagosi Rómeó Romeo.Bagosi at integris.hu
Wed Jan 31 03:42:08 EST 2007


Hi all!

I want to apply some ACLs on my PIX firewall:

access-list my_acl permit icmp any any
access-list my_acl permit udp host 1.1.1.1 any eq snmp
access-list my_acl permit ip any 2.2.2.2 255.255.255.0
access-list my_acl permit ip any host 3.3.3.3
access-list my_acl permit ip any any

For the first time, I want to log all the permitted connections, and I put a permit any any statement at the end of the ACL to see which connections I will deny in the future, and I send the messages to a syslog server.

I want to see in my logs the last ACE line with a different message number... Can I do this? But I also want to see the other ACE logs...

To see when a connection is permitted I have to put the log keyword at the end of the ACE line, because by default I can't see it at any severity level...

But if I put it at the end of all those lines, I can't tell one ACE from another...

Can this problem be solved on PIX firewalls?

Thank you for your help,

Romeo Bagosi
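
Added example, not part of the original post: when every logged ACE reports under the same message number, one way to tell the ACEs apart on the syslog server is to replay each logged flow against the ACL in order and take the first match. The layout of message 106100 used in the regex is an assumption about what the syslog server receives, the sample lines are constructed, and the parser covers only the ACE forms used in the post.

```python
import ipaddress
import re

# ACL from the post; ACEs are evaluated top-down and the first match wins.
ACL = """\
access-list my_acl permit icmp any any
access-list my_acl permit udp host 1.1.1.1 any eq snmp
access-list my_acl permit ip any 2.2.2.2 255.255.255.0
access-list my_acl permit ip any host 3.3.3.3
access-list my_acl permit ip any any
"""
PORTS = {"snmp": 161}  # only the port name used above
# Assumed layout of syslog message 106100 (emitted for ACEs carrying "log").
MSG = re.compile(r"106100: access-list (\S+) (?:permitted|denied) (\S+) "
                 r"\S+/([\d.]+)\(\d+\) -> \S+/([\d.]+)\((\d+)\)")
SAMPLE = [  # constructed lines, not captured from a real firewall
    "%PIX-6-106100: access-list my_acl permitted udp outside/1.1.1.1(1030) -> inside/10.0.0.9(161) hit-cnt 1 (first hit)",
    "%PIX-6-106100: access-list my_acl permitted tcp outside/192.0.2.7(4000) -> inside/3.3.3.3(80) hit-cnt 1 (first hit)",
]

def take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK' from the front of the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = (tok.pop(0), "32") if first == "host" else (first, tok.pop(0))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acl(text):
    """Return (line, name, proto, src, dst, dst_port) for each ACE, in order."""
    aces = []
    for line in text.splitlines():
        _, name, _, proto, *rest = line.split()
        src, dst = take_addr(rest), take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        aces.append((line, name, proto, src, dst, port))
    return aces

def matching_ace(aces, logline):
    """Return (position, ACE text) of the first ACE the logged flow matches."""
    m = MSG.search(logline)
    if m is None:
        return None
    name, proto, sip, dip, dport = m.groups()
    for n, (line, acl, p, src, dst, port) in enumerate(aces, 1):
        if (acl == name and p in ("ip", proto) and port in (None, int(dport))
                and ipaddress.ip_address(sip) in src and ipaddress.ip_address(dip) in dst):
            return n, line
```

Flows that resolve to position 5 are the ones only the final permit ip any any entry lets through.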

 


