How to configure PIX change alert

Can any please guide that how to detect realtime changes on PIX 6.3 and 7.1

I am unable to get realtime change detection for PIX. I am using SYSLOG to monitor change alerts.

Thanks,

Khizar Khan

Find more posts tagged with

Accepted answers

All comments

Perhaps you need to configure your pix severity level for syslog. Here are some of the ones you are probably interested in:

Notification Messages, Severity 5

The following messages appear at severity 5, notifications:

•%PIX-5-109012: Authen Session End: user 'user', sid number, elapsed number seconds

•%PIX-5-111002: Begin configuration: IP_address writing to device

•%PIX-5-111003: IP_address Erase configuration

•%PIX-5-111004: IP_address end configuration: {FAILED|OK}

•%PIX-5-111005: IP_address end configuration: OK

•%PIX-5-111007: Begin configuration: IP_address reading from device.

•%PIX-5-111008: User user executed the command string

•%PIX-5-199001: PIX reload command executed from telnet (remote IP_address).

•%PIX-5-304001: user source_address Accessed {JAVA URL|URL} dest_address: url.

•%PIX-5-304002: Access denied URL url SRC IP_address DEST IP_address: url

•%PIX-5-500001: ActiveX content modified src IP_address dest IP_address on interface interface_name.

•%PIX-5-500002: Java content modified src IP_address dest IP_address on interface interface_name.

•%PIX-5-500003: Bad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags: tcp_flags, on interface interface_name

•%PIX-5-501101: User transitioning priv level

•%PIX-5-502101: New user added to local dbase: Uname: user Priv: privilege_level Encpass: string

•%PIX-5-502102: User deleted from local dbase: Uname: user Priv: privilege_level Encpass: string

•%PIX-5-502103: User priv level changed: Uname: user From: privilege_level To: privilege_level

•%PIX-5-503001: Process number, Nbr IP_address on interface_name from string to string, reason

•%PIX-5-611103: User logged out: Uname: user

•%PIX-5-611104: Serial console idle timeout exceeded

•%PIX-5-612001: Auto Update succeeded:filename, version:number

Also if you need help configuring the log level on your pix see:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/monitor.html#wp1064726

Thanks for your support. but links you shared are not working.

I just want to backup configuration file of PIX as soon as configuration is changed. The way NCM do for Routers and Switches.

Can anyone help me out in this.

Thanks,

Khizar Khan

Here's where they came from:

http://www.cisco.com/en/US/docs/security/pix/pix52/system/message/pixemapa.html

Quick Links